Bug #732: UNIX Socket will stop processing pcaps if log drive becomes full - Suricata - Open Information Security Foundation

Actions

Copy link

Bug #732

closed

UNIX Socket will stop processing pcaps if log drive becomes full

Added by Felix Ingram almost 12 years ago. Updated about 7 years ago.

Status:

Closed

Priority:

Low

Assignee:

Target version:

Affected Versions:

Effort:

Difficulty:

Label:

Description

Potentially not an issue Suricata should be concerned with but if the drive being logged to becomes full then the processing of pcaps in the queue will halt and will not continue when more space becomes available.

In some run modes (real time capture, for example) then full disks would result in lost events but offline pcap reading modes could afford to wait for disk space to become free.

History
Property changes

Actions

Copy link

Also available in: Atom PDF

Project

General

Profile

Suricata

Custom queries

Bug #732

UNIX Socket will stop processing pcaps if log drive becomes full

Updated by Victor Julien about 11 years ago

Updated by Andreas Herz almost 9 years ago

Updated by Victor Julien about 7 years ago