Feature #3212
openPrevent duplicate pcaps from being re-processed
Description
Hi,
Is there a way for Suricata to keep track of the pcaps that had been processed and do not reprocess the same pcap again?
This is in the context of running with the command line option of -r.
Thank you.
VJ Updated by Victor Julien over 6 years ago
What is your use case?
I think this is more a task of tooling around Suricata.
AH Updated by Andreas Herz over 6 years ago
- Assignee set to Community Ticket
- Target version set to TBD
PP Updated by Peter Pan over 6 years ago
Victor Julien wrote:
What is your use case?
I think this is more a task of tooling around Suricata.
Use case is to look at the different types of traffic patterns in pcaps. But sometimes, the same pcaps get re-submitted for processing by mistake and the reviewing the results from Kibana gave the wrong impression of a spike in certain traffic.
This can be handled with more manual care but just wondering if there can be some technical solution. Eg: using --pcap-file-continuous will at least ensure that pcap with same filename would not be re-processed?