Project

General

Profile

Actions
Copy link

Feature #4406

closed

unix socket: Get flow information by flow_id

Added by Eric Leblond about 3 years ago. Updated over 1 year ago.

Status:
Closed
Priority:
Normal
Assignee:
Eric Leblond
Target version:
7.0.0-beta1
Effort:
low
Difficulty:
medium
Label:

Description

When a flow is long duration and is not yet dead, we can know it exists (via application layer logging) but we can't know anything about the volume of data exchanged. This is not helping to characterize the nature of the flow. For example, we can not differentiate a scp session and a ssh session (same example work on TLS tunnel).

A way to get information is to be able to query the unix socket to get the volumetry information from the flow.

Actions
Copy link
 #1

Updated by Victor Julien about 3 years ago

It's unclear to me what your idea is here? Can you expand more?

Actions
Copy link
 #2

Updated by Victor Julien almost 2 years ago

  • Subject changed from Get flow information by flow_id to unix socket: Get flow information by flow_id
  • Status changed from New to In Review
Actions
Copy link
 #3

Updated by Victor Julien over 1 year ago

  • Status changed from In Review to Closed
Actions
Copy link

Also available in: Atom PDF