Bug #5374
closedpcap-log: breaking change in file names
Description
With conditional logging now merged, the output filenames when reading from a pcap are now 0 indexed instead of time indexed, whether or not conditional logging is used.
Ideally there should be no change here as I think the old behaviour is preferable. If this is not possible, a reason for the change and upgrade documentation should be provided.
JI Updated by Jason Ish almost 4 years ago
- Related to Feature #120: Capture full session on alert added
EL Updated by Eric Leblond almost 4 years ago
If I remember correctly the 0 is just there for the initial file in pcap reading mode. In live mode, I think it is correct but let me check this.
JI Updated by Jason Ish almost 4 years ago
Eric Leblond wrote in #note-2:
If I remember correctly the 0 is just there for the initial file in pcap reading mode. In live mode, I think it is correct but let me check this.
Correct, in live mode its OK. However, in 6.0.x, even in pcap mode the file gets a timestamp based on the input packets.
VJ Updated by Victor Julien over 3 years ago
- Target version changed from 7.0.0-beta1 to 7.0.0-rc1
VJ Updated by Victor Julien over 3 years ago
- Priority changed from Normal to High
JI Updated by Jason Ish over 3 years ago
- Assignee changed from OISF Dev to Jason Ish
VJ Updated by Victor Julien over 3 years ago
- Status changed from New to Assigned
JI Updated by Jason Ish over 3 years ago
- Status changed from Assigned to In Review
VJ Updated by Victor Julien about 3 years ago
- Status changed from In Review to Closed
- Priority changed from High to Normal