Project

General

Profile

Actions

Feature #5649

open

Task #5645: tracking: elephant flow detection

eve.flow: add thread id(s) processing a flow to the record

Added by Victor Julien about 2 years ago. Updated about 2 years ago.

Status:
New
Priority:
Normal
Assignee:
Target version:
Effort:
Difficulty:
Label:

Description

Log which thread id handled a flow. Can be 2 when in IPS mode, so should probably be an array of id's.

Open question: should we track all thread id's in case of the wrong thread issue? See #2725.

Actions

Also available in: Atom PDF