Bug #5374
closedpcap-log: breaking change in file names
Description
With conditional logging now merged, the output filenames when reading from a pcap are now 0 indexed instead of time indexed, whether or not conditional logging is used.
Ideally there should be no change here as I think the old behaviour is preferable. If this is not possible, a reason for the change and upgrade documentation should be provided.
Updated by Jason Ish almost 2 years ago
- Related to Feature #120: Capture full session on alert added
Updated by Eric Leblond almost 2 years ago
If I remember correctly the 0 is just there for the initial file in pcap reading mode. In live mode, I think it is correct but let me check this.
Updated by Jason Ish almost 2 years ago
Eric Leblond wrote in #note-2:
If I remember correctly the 0 is just there for the initial file in pcap reading mode. In live mode, I think it is correct but let me check this.
Correct, in live mode its OK. However, in 6.0.x, even in pcap mode the file gets a timestamp based on the input packets.
Updated by Victor Julien over 1 year ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
Updated by Jason Ish over 1 year ago
- Assignee changed from OISF Dev to Jason Ish
Updated by Jason Ish over 1 year ago
- Status changed from Assigned to In Review
Updated by Victor Julien about 1 year ago
- Status changed from In Review to Closed
- Priority changed from High to Normal