<html><head></head><body>I might be seeing this same issue.  But I might be seeing it on Suricata 1.4 also.<br><br>Leonard Jacobs<br><br><div>Jose Paulo <paulo@sistemasolar.com.br> , 4/8/2013 9:34 AM:<br><blockquote style="margin: 0px 0px 0px 0.8ex; padding-left: 1ex; border-left-color: blue; border-left-width: 2px; border-left-style: solid;">Hello all.
<br>
<br>I'm getting an estrange behavior.
<br>I'm utilizing fast.log as output, but the Suricata is flushing the log's
<br>file only after the tcp stream is closed.
<br>Is there any parameter for this, in suricata.yaml or OS?
<br>
<br>OS is Linux and Suricata is 1.4.1 RELEASE.
<br>
<br>Thanks in advance.
<br>
<br>José Paulo
<br>
<br>
<br>_______________________________________________
<br>Suricata IDS Users mailing list: <a class="mailto" href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a>
<br>Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a>
<br>List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a>
<br>OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a>
<br></blockquote></div></body></html>