Support #3545

closed

Not ALL file logs recorded into eve.log

Added by Joy Cao about 4 years ago. Updated about 2 years ago.

Status:
Closed
Priority:
Normal
Assignee:
Affected Versions:
Label:

Description

version: 5.0.1

Reproduce steps:
1. Enable file logs in eve: eve-log:types:files:enabled:yes
2. Enable file store:
   file-store:
     version: 2
     enabled: yes

Actual results:
1. Many files can be stored in files/xx/ folders as expected.
2. But fewer file logs than the number of stored files were recorded into the eve log file.
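Added example, not part of this issue and not Suricata's own code: a Python script that cross-checks the objects found in a file-store v2 directory against the fileinfo events in eve.json, which is the comparison the description above makes by hand. It assumes the file-store v2 layout `<dir>/<first two hex chars of sha256>/<sha256>` and the EVE fileinfo fields `event_type`, `fileinfo.sha256` and `fileinfo.stored`; the directory tree and the log lines it runs on are constructed inline, and the function names are the script's own.

```python
import json
import os
import tempfile

HEX = set("0123456789abcdef")


def eve_fileinfo_hashes(eve_lines):
    """Return {sha256: stored_flag} for every EVE 'fileinfo' event.

    Lines that are not valid JSON (for example a record truncated while the
    log was rotated) are skipped instead of aborting the comparison.
    """
    seen = {}
    for line in eve_lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("event_type") != "fileinfo":
            continue
        fi = ev.get("fileinfo") or {}
        sha = fi.get("sha256")
        if sha:
            seen[sha.lower()] = bool(fi.get("stored", False))
    return seen


def filestore_hashes(store_dir):
    """Collect sha256 object names from a file-store v2 tree (<dir>/<xx>/<sha256>).

    Only 64-hex-character names that sit under their own two-character prefix
    directory are counted; metadata sidecars and stray files are ignored.
    """
    stored = set()
    for sub in os.listdir(store_dir):
        sub_path = os.path.join(store_dir, sub)
        if len(sub) != 2 or not os.path.isdir(sub_path):
            continue
        for name in os.listdir(sub_path):
            low = name.lower()
            if len(low) == 64 and set(low) <= HEX and low.startswith(sub.lower()):
                stored.add(low)
    return stored


def compare(eve_lines, store_dir):
    """Report objects with no fileinfo event, events claiming a store that is missing, and matches."""
    logged = eve_fileinfo_hashes(eve_lines)
    stored = filestore_hashes(store_dir)
    return {
        "stored_without_fileinfo": sorted(stored - set(logged)),
        "claimed_stored_but_missing": sorted(
            h for h, flag in logged.items() if flag and h not in stored
        ),
        "matched": len(stored & set(logged)),
    }


def demo():
    """Constructed scenario: three objects on disk, fileinfo events for only two of them."""
    h_a, h_b, h_c, h_d = "a" * 64, "b" * 64, "c" * 64, "d" * 64
    with tempfile.TemporaryDirectory() as store:
        for h in (h_a, h_b, h_c):
            os.makedirs(os.path.join(store, h[:2]), exist_ok=True)
            with open(os.path.join(store, h[:2], h), "wb") as f:
                f.write(b"constructed file body\n")
        # A non-hash entry next to a stored object; the walker must ignore it.
        with open(os.path.join(store, h_a[:2], h_a + ".meta"), "w") as f:
            f.write("{}")
        # Constructed eve.json records: a and b match objects on disk, d claims
        # a store that does not exist, c has no event at all, last line is cut off.
        eve_lines = [
            json.dumps({"event_type": "fileinfo",
                        "fileinfo": {"filename": "/a.bin", "sha256": h_a, "stored": True}}),
            json.dumps({"event_type": "alert", "alert": {"signature": "constructed"}}),
            json.dumps({"event_type": "fileinfo",
                        "fileinfo": {"filename": "/b.bin", "sha256": h_b, "stored": True}}),
            json.dumps({"event_type": "fileinfo",
                        "fileinfo": {"filename": "/d.bin", "sha256": h_d, "stored": True}}),
            '{"event_type": "fileinfo", "fileinfo": {"sha256": "',
        ]
        return compare(eve_lines, store)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Run it against a real deployment by feeding `open("eve.json")` to `compare()` together with the `file-store` directory; the `stored_without_fileinfo` list is the set of objects the description above is missing log entries for, and a non-empty `claimed_stored_but_missing` list points the other way (a fileinfo event without its object).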

Actions #1

Updated by Andreas Herz about 4 years ago

  • Tracker changed from Bug to Support
  • Assignee set to Joy Cao
  • Effort deleted (high)

Without more details it's hard to help you. What runmode, how do you run suricata, etc.?

Actions #2

Updated by Joy Cao about 4 years ago

"suricata -i eth0 -c suricata.yaml"
I want to run suricata with the above command to monitor HTTP traffic on eth0. No special settings were changed, just file extraction. I'm not sure of the runmode; it should be the default runmode type.
Rule settings: emerging-all.rules, and an alert rule with filestore.

Actions #3

Updated by Victor Julien almost 4 years ago

  • Priority changed from High to Normal

Are you able to provide a pcap based test case?

Actions #4

Updated by Andreas Herz about 2 years ago

  • Status changed from New to Closed

Hi, we're closing this issue since there have been no further responses.
If you think this issue is still relevant, try to test it again with the
most recent version of suricata and reopen the issue. If you want to
improve the bug report please take a look at
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Reporting_Bugs
