[Oisf-users] How many of you use "filestore" ?

Peter Manev petermanev at gmail.com
Sat Apr 21 07:51:47 UTC 2012


On 4/20/2012 5:54 PM, Rich Rumble wrote:
> On Fri, Apr 20, 2012 at 11:50 AM, Marcos Rodriguez
> <marcos.e.rodriguez at gmail.com> wrote:
>> On Thu, Apr 12, 2012 at 10:24 AM, Victor Julien <victor at inliniac.net> wrote:
>>> On 04/12/2012 01:25 PM, Travel Factory S.r.l. wrote:
>>>> - used IE. When waiting for a long time before confirming the file
>>>> name, I get truncated files, actually about 160kb. If I confirm
>>>> quickly I get all the file.
>>> Does this problem go away if you increase your timeouts again?
>>> ---------------------------------------------
>>> Victor Julien
>>> http://www.inliniac.net/
>>> PGP: http://www.inliniac.net/victorjulien.asc
>>> ---------------------------------------------
>>> Oisf-users mailing list
>>> Oisf-users at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> Hi Guys,
>>
>> I know I'm a day late and a dollar short here.  I wanted to chime in on my
>> experiences with file extraction so far.
>>
>> I used to have this problem as well.  First, I increased my timeouts per
>> Victor's suggestion.  Using the latest git version, Suricata's able to
>> reliably extract files for analysis.  I also had to do some DAG tuning, but
>> it looks like I'm good to go now.
>>
>> Once I applied the patch provided by Jason Ish, I've had no issues related
>> to the DAG cards anymore.
> I replied to OP instead of to the thread/list:
> There may be a few config tweaks that have to happen, as well as
> hardware. I was getting incomplete files on Windows until I changed
> a few things: I had to turn off checksumming on the NIC, for one, then
> up the file sizes in the config (set to 0 for infinite):
> https://redmine.openinfosecfoundation.org/projects/suricata/wiki/File_Extraction
> -rich

Totally off topic - but in line with Rich's last reply - how is Sury
behaving under Windows so far?
Any troubles? I had none in my tests, but just wanted to confirm with
someone who is using it "live".

Thanks

-- 
Regards,
Peter Manev



