<div dir="ltr">We're trying to use the meta files and data files created by Suricata to send data to one of our servers. However, we're running into an issue where if we open a file too early that we get incomplete data either from the data file or meta file. Note that we also have force-magic, MD5 hash, and file extraction as the enabled states in our Suricata.yaml file.<div>
<br></div><div style>What condition can we assume to be true so that we can open and read the meta file and the data file safely without it being incomplete?</div><div style><br></div><div style>Using python as our scripting language to access those files, I assumed that if the data file was done, that all the data in the meta file would be complete as well, but I get scenarios where the MAGIC, STATE, MD5, and SIZE were missing. I'm assuming this is because Suricata is calculating those values from the data file, then reopening the meta file and adding those last values in?</div>
<div style><br></div><div style><br></div><div style>Vince</div></div>