<div dir="ltr">



<div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial">I am extracting files from Suricata file-store 1.0 and 2.0. </div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial">Because of my role, I am sticking to file-store v1.0. However, whereas logs in JSON (file-store v2) are stored correctly, </div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial">logs in filestore v1.0 do not record original file names. </div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial">As you see in the code</div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial"><a href="https://github.com/CPP-CProgramming/suricata4Dev/blob/master/src/log-filestore.c#L392" target="_blank" style="color:rgb(17,85,204)">https://github.com/CPP-<wbr>CProgramming/suricata4Dev/<wbr>blob/master/src/log-filestore.<wbr>c#L392</a></div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial">for filestore v1.0</div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial"><a href="https://github.com/CPP-CProgramming/suricata4Dev/blob/master/src/output-json-file.c#L148" target="_blank" style="color:rgb(17,85,204)">https://github.com/CPP-<wbr>CProgramming/suricata4Dev/<wbr>blob/master/src/output-json-<wbr>file.c#L148</a></div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial">for filestore v2.0</div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial">I do not see any difference in the code. 
There must be another way of making a correct file name.</div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial">Can any of you tell me where to change the code so that I will be able to display a correct filename</div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial">with Ver 1.0 file store?</div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial">Or convert the JSON text log into a non-JSON text format?</div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial"><br></div><div style="font-size:14px;text-decoration-style:initial;text-decoration-color:initial">Lots of love </div>


<br></div>