[Oisf-devel] Is there a way to let suricata send log per thread in workers mode?

[Wendy Huang]

Hello team,

I'm trying to use the workers mode.
In my understanding, it means that all the decoding, streaming, siganture, output for one packet are done in the same thread.
Therefore I'm wondering if I can get log from each thread independently.
I only found that pcap log can do such of things, but others cannot.
>From the source code I think there's a log buffer in each thread, but finally they'll be wriiten to the same log file.
Do you have any suggestion or plan to let per thread output their own log?
Thank you very much!


Regards,
Wendy
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20170607/4fe56f06/attachment.html>