Actions
Feature #552
closed
MJ
EL
Feature #571: interactive unix socket
State Reset for multiple pcap processing
Feature #552:
State Reset for multiple pcap processing
Effort:
Difficulty:
Label:
Description
Would it be possible to have a signal that would cause suricata to reset it's flowbits, flowint's, and threshold counters?
The intent is to be able to have a running suricata instance that could be fed traffic from many disparate pcaps for analysis, but not let data or state from one affect the next.
Ideally an event to log this would be useful so post analysis knows the division between pcaps.
Or, if easier, if we could change pcap mode to be able to take a list of pcaps in, and reset between each pcap (as an option, this wouldn't be ideal every time).
VJ Updated by Victor Julien over 13 years ago
- Status changed from New to Assigned
- Assignee set to Eric Leblond
Part of unix socket work.
VJ Updated by Victor Julien over 13 years ago
- Parent task set to #571
EL Updated by Eric Leblond over 13 years ago
- Target version set to 1.4beta3
- % Done changed from 0 to 90
VJ Updated by Victor Julien over 13 years ago
- Target version changed from 1.4beta3 to 1.4rc1
VJ Updated by Victor Julien over 13 years ago
- Status changed from Assigned to Closed
Merged https://github.com/inliniac/suricata/pull/215, thanks!
VJ Updated by Victor Julien over 13 years ago
- % Done changed from 90 to 100
Actions