Feature #724
closedPrevent resetting in UNIX socket mode
Description
The UNIX socket mode allows multiple pcaps to be submitted to the engine. At the moment the pcaps are processed in the order in which they are submitted and the engine is reset before each file is processed.
Any events that would have been triggered by a stream that spans separate files will therefore not be reported.
The new feature would prevent the resetting of the engine between pcaps and would produce results similar to what would have been generated if the pcaps had been merged and submitted to the engine as a single file.
The UNIX socket currently allows a log directory to be submitted with each file, so a design decision would have to be made as to which directory received the alert.
Updated by Victor Julien over 11 years ago
- Status changed from New to Assigned
- Assignee set to Eric Leblond
- Target version set to TBD
Updated by Victor Julien over 6 years ago
- Assignee changed from Eric Leblond to Danny Browning
- Target version changed from TBD to 70
Updated by Danny Browning over 6 years ago
- Is duplicate of Feature #2222: Batch submission of PCAPs over the socket added
Updated by Danny Browning over 6 years ago
- Status changed from Assigned to Closed
Closing as duplicate of https://redmine.openinfosecfoundation.org/issues/2222
Updated by Victor Julien over 6 years ago
- Is duplicate of deleted (Feature #2222: Batch submission of PCAPs over the socket)
Updated by Victor Julien over 6 years ago
- Status changed from Closed to Assigned
Updated by Victor Julien over 6 years ago
- Related to Feature #2222: Batch submission of PCAPs over the socket added
Updated by Victor Julien over 6 years ago
- Has duplicate Feature #1476: Suricata Unix socket PCAP processing stats should not need to reset after each run added
Updated by Victor Julien over 6 years ago
- Status changed from Assigned to Closed
- Target version changed from 70 to 4.1beta1