Support #3545
closed
Not ALL file logs recorded into eve.log
Added by Joy Cao about 4 years ago.
Updated about 2 years ago.
Description
version: 5.0.1
Reproduce steps:
1. Enable file logs in eve: eve-log:types:files:enabled:yes
2. Enable file store:
   file-store:
     version: 2
     enabled: yes
Actual results:
1. Many files can be stored in files/xx/ folders as expected.
2. But fewer file logs than the number of stored files were recorded into the eve log file.
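A quick cross-check for the symptom above, added here as an example and not code from the Suricata project or the reporter: it lists sha256 names present in a filestore v2 tree (files/<xx>/<sha256>) that have no matching eve fileinfo event with stored:true. The eve records and directory entries below are constructed placeholders.

```python
import json
import os
from typing import Dict, Iterable, List, Set, Tuple

HEX = set("0123456789abcdef")

def stored_hashes_from_eve(lines: Iterable[str]) -> Dict[str, int]:
    """Count fileinfo events per sha256 whose record says the file was stored."""
    counts: Dict[str, int] = {}
    for line in lines:
        try:
            ev = json.loads(line) if line.strip() else {}
        except json.JSONDecodeError:
            continue  # a truncated last line must not abort the whole check
        fi = ev.get("fileinfo") if ev.get("event_type") == "fileinfo" else None
        if fi and fi.get("stored") and fi.get("sha256"):
            counts[fi["sha256"]] = counts.get(fi["sha256"], 0) + 1
    return counts

def hashes_from_entries(entries: Iterable[Tuple[str, str]]) -> Set[str]:
    """Keep only names shaped like a v2 filestore object: files/<xx>/<sha256>."""
    return {name for prefix, name in entries
            if len(prefix) == 2 and len(name) == 64
            and name.startswith(prefix) and set(name) <= HEX}

def scan_filestore(root: str) -> Set[str]:
    """Walk a real filestore tree; .json sidecar files fail the name filter above."""
    entries = [(p, n) for p in os.listdir(root) if os.path.isdir(os.path.join(root, p))
               for n in os.listdir(os.path.join(root, p))]
    return hashes_from_entries(entries)

def unlogged(stored: Set[str], logged: Dict[str, int]) -> List[str]:
    """Stored objects that never produced a fileinfo event with stored:true."""
    return sorted(stored - set(logged))

# Constructed sample (placeholder hashes, not real captures): three eve lines, one
# filestore with two objects, a sidecar metadata file and an unrelated directory.
H_A, H_B, H_C = "aa" + "11" * 31, "bb" + "22" * 31, "cc" + "33" * 31
SAMPLE_EVE = [
    json.dumps({"event_type": "fileinfo", "fileinfo": {"filename": "/a.exe", "sha256": H_A, "stored": True}}),
    json.dumps({"event_type": "alert", "alert": {"signature_id": 1}}),
    json.dumps({"event_type": "fileinfo", "fileinfo": {"filename": "/b.png", "sha256": H_B, "stored": False}}),
]
SAMPLE_STORE = [("aa", H_A), ("cc", H_C), ("cc", H_C + ".1.json"), ("tmp", "ignored")]

if __name__ == "__main__":
    print("stored but not logged:", unlogged(hashes_from_entries(SAMPLE_STORE), stored_hashes_from_eve(SAMPLE_EVE)))
```

On a live box, replace the sample with `scan_filestore("/var/log/suricata/files")` and the lines of eve.json; any hash it prints is a stored file with no logged fileinfo record.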
- Tracker changed from Bug to Support
- Assignee set to Joy Cao
- Effort deleted (high)
Without more details it's hard to help you. What runmode, how do you run suricata etc.
"suricata -i eth0 -c suricata.yaml"
I want to run suricata with the above command to monitor HTTP traffic on eth0. No special settings were changed, just file extraction. I'm not sure about the runmode; it should be the default runmode type.
Rule settings: emerging-all.rules, and an alert rule with filestore.
- Priority changed from High to Normal
Are you able to provide a pcap based test case?
- Status changed from New to Closed