[Oisf-devel] Suricata file-store not logging md5

Mike Cox mike.cox52 at gmail.com
Mon Apr 30 14:38:23 UTC 2012

I have grabbed the latest version of Suricata from GIT and enabled
file-store.  However, in the meta file, I do not see the md5 sum being
logged.  Of course, if the file is logged too, calculating the md5 on
the sensor machine (outside of Suricata) is trivial but I though it
would log the md5 if it was enabled.  From my config .yaml file:

 - file-store:
     enabled: yes       # set to yes to enable
     log-dir: files    # directory to store the files
     force-magic: yes   # force logging magic on all stored files
     force-md5: yes     # force logging of md5 checksums
     #waldo: file.waldo # waldo file to store the file-id across runs

I have the stream reassembly and HTTP request/response body sizes set
high enough that I am getting all of the file but I don't see the MD5
sum logged.  From the meta file:

TIME:              04/28/2012-03:31:01.457465
PROTO:             6
SRC PORT:          80
DST PORT:          24593
HTTP HOST:         download.windowsupdate.com
HTTP REFERER:      <unknown>
MAGIC:             PE32+ executable for MS Windows (GUI)
STATE:             CLOSED
SIZE:              5382

Also, does the filename normally include all the URL?

This is Suricata 1.3dev (rev e6dea5c).


 -Mike Cox

More information about the Oisf-devel mailing list