[Oisf-users] Flow updates
Michael da Silva Pereira
michael at cloudgroup.co.za
Mon Dec 7 13:31:27 UTC 2015
Good day,
I've been messing around with the flows in Suricata 2.1+ and I've come
across a potential requirement I would need it to do.
Currently it seems flows are only written out on connection close/timeout;
is this modifiable to include an update, or a specific interval of traffic to
send an updated flow (i.e., reason = update)?
My issue is that I might have a flow last several hours on a stable
connection, and can only account for the traffic once the flow is closed.
I've had a look at the source code, however my C is very limited and I
can't work out what's actually writing out the flow records for the
flow-manager.
Any help would be appreciated.
Thanks,
Michael