[Oisf-users] How many of you use "filestore" ?

Rich Rumble richrumble at gmail.com
Fri Apr 20 15:54:27 UTC 2012


On Fri, Apr 20, 2012 at 11:50 AM, Marcos Rodriguez
<marcos.e.rodriguez at gmail.com> wrote:
> On Thu, Apr 12, 2012 at 10:24 AM, Victor Julien <victor at inliniac.net> wrote:
>> On 04/12/2012 01:25 PM, Travel Factory S.r.l. wrote:
>> > - used IE. When waiting for a long time before confirming the file
>> > name, I get truncated files, actually about 160kb. If I confirm
>> > quickly I get all the file.
>> Does this problem go away if you increase your timeouts again?
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> Hi Guys,
>
> I know I'm a day late and a dollar short here.  I wanted to chime in on my
> experiences with file extraction so far.
>
> I used to have this problem as well.  First, I increased my timeouts per
> Victor's suggestion.  Using the latest git version, Suricata's able to
> reliably extract files for analysis.  I also had to do some DAG tuning, but
> it looks like I'm good to go now.
>
> Once I applied the patch provided by Jason Ish, I've had no issues related
> to the DAG cards anymore.
I replied to OP instead of to the thread/list:
There may be a few config tweaks that have to happen, as well as
hardware. I was getting incomplete files on Windows until I changed
a few things: I had to turn off checksumming on the NIC for one, then
up the file sizes in the config (set to 0 for infinite):
https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File_Extraction
-rich


