Project

General

Profile

Actions
Copy link

Bug #732

closed

UNIX Socket will stop processing pcaps if log drive becomes full

Added by Felix Ingram over 11 years ago. Updated over 6 years ago.

Status:
Closed
Priority:
Low
Assignee:
-
Target version:
-
Affected Versions:
Effort:
Difficulty:
Label:

Description

Potentially not an issue Suricata should be concerned with but if the drive being logged to becomes full then the processing of pcaps in the queue will halt and will not continue when more space becomes available.

In some run modes (real time capture, for example) then full disks would result in lost events but offline pcap reading modes could afford to wait for disk space to become free.

Actions
Copy link
 #1

Updated by Victor Julien over 10 years ago

  • Target version set to TBD
Actions
Copy link
 #2

Updated by Andreas Herz over 8 years ago

  • Status changed from New to Closed
Actions
Copy link
 #3

Updated by Victor Julien over 6 years ago

  • Target version deleted (TBD)
Actions
Copy link

Also available in: Atom PDF