Optimization #5680
openeve-log: reduce duplication of info
Description
E.g. keep only the flow id or community id for HTTP logs; this would hold the info for the correlated events.
Updated by Juliana Fajardini Reichow about 2 years ago
- Related to Task #5488: Suricon 2022 brainstorm added
Updated by Victor Julien about 2 years ago
The request was in part to reduce IO pressure, which I understand, but I also feel this is mostly a post-processing function. See the work by the vast.io folks to compress data for example.
I would like to avoid a runtime cost by suricata to do any kind of de-duplication. Perhaps simply having more control over which fields are logged per eve type is enough?
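The post-processing approach suggested in the comment above, as an added example that is not Suricata code and not part of this ticket: events that share a `flow_id` repeat the same connection-level fields, so a log shipper can strip them from every event after the first one seen for that flow and put them back when an analyst needs a full record. The field names follow the usual EVE layout, the list of fields treated as redundant is an assumption for this example, and the sample EVE lines are constructed.

```python
"""Post-processing de-duplication of EVE JSON lines keyed on flow_id.

Example code, not Suricata's own. Connection fields that recur on every
event of a flow are kept only on the first event seen for that flow_id; a
second pass restores them, so the compaction is lossless for this input.
"""
import json

# Assumption for this example: these fields are identical on every event of
# one flow and can be recovered from the first event once flow_id is present.
SHARED_FIELDS = ("src_ip", "src_port", "dest_ip", "dest_port", "proto",
                 "in_iface", "community_id")

# Constructed sample: three events on one HTTP flow, one DNS event on another.
SAMPLE_EVE = """\
{"timestamp":"2022-11-01T10:00:00.000001+0000","flow_id":1001,"in_iface":"eth0","event_type":"http","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","community_id":"1:abc=","http":{"hostname":"example.test","url":"/a","http_method":"GET","status":200}}
{"timestamp":"2022-11-01T10:00:00.000500+0000","flow_id":1001,"in_iface":"eth0","event_type":"fileinfo","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","community_id":"1:abc=","fileinfo":{"filename":"/a","size":512}}
{"timestamp":"2022-11-01T10:00:01.000000+0000","flow_id":1001,"in_iface":"eth0","event_type":"http","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"192.0.2.10","dest_port":80,"proto":"TCP","community_id":"1:abc=","http":{"hostname":"example.test","url":"/b","http_method":"GET","status":404}}
{"timestamp":"2022-11-01T10:00:02.000000+0000","flow_id":2002,"in_iface":"eth0","event_type":"dns","src_ip":"10.0.0.5","src_port":40000,"dest_ip":"192.0.2.53","dest_port":53,"proto":"UDP","community_id":"1:def=","dns":{"type":"query","rrname":"example.test","rrtype":"A"}}
"""


def dedup(lines):
    """Yield compacted events; shared fields survive only on a flow's first event.

    Events without a flow_id are passed through untouched, since nothing
    could be used to join them back later.
    """
    seen = set()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        ev = json.loads(line)
        fid = ev.get("flow_id")
        if fid is None or fid not in seen:
            if fid is not None:
                seen.add(fid)
            yield ev
            continue
        yield {k: v for k, v in ev.items() if k not in SHARED_FIELDS}


def rehydrate(events):
    """Inverse of dedup: copy the shared fields back from each flow's first event."""
    first = {}
    for ev in events:
        fid = ev.get("flow_id")
        if fid is not None and fid not in first:
            first[fid] = {k: ev[k] for k in SHARED_FIELDS if k in ev}
        elif fid is not None:
            ev = {**first[fid], **ev}
        yield ev


def compact_stats(text):
    """Compact the given EVE text and report size change and losslessness."""
    orig = [json.loads(l) for l in text.splitlines() if l.strip()]
    compacted = list(dedup(text.splitlines()))
    restored = list(rehydrate(compacted))
    size = lambda evs: sum(len(json.dumps(e, separators=(",", ":"))) for e in evs)
    return {
        "events": len(compacted),
        "bytes_before": size(orig),
        "bytes_after": size(compacted),
        "lossless": restored == orig,
    }


if __name__ == "__main__":
    print(compact_stats(SAMPLE_EVE))
```

The compaction only helps while the first event of each flow is retained alongside the later ones; a pipeline that drops or samples events, or that splits a flow's events across destinations, loses the join target, which is one reason to keep this outside the sensor and make it reversible.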
Updated by Victor Julien about 2 years ago
- Assignee changed from OISF Dev to Community Ticket