[Oisf-users] problem with filestore

Peter Manev petermanev at gmail.com
Thu Mar 16 14:08:00 UTC 2017


On Fri, Mar 10, 2017 at 10:18 PM, Cooper F. Nelson <cnelson at ucsd.edu> wrote:
> It's definitely a new-ish feature.  I certainly didn't know about it!
>
> It's also a *huge* performance improvement over using the old libmagic
> process for file extraction.  I'm seeing a 20-30% performance
> improvement doing file extraction via hyperscan vs. libmagic.

Cooper -  how do you do the file extraction with hyperscan in your case?
You still need to compile your own magic or?

>
> -Coop
>
> On 3/10/2017 10:58 AM, erik clark wrote:
>> Yeah, the sig loads in 3.2 fine. Turns out that this will do a filestore
>> exactly as the sig is written! So this looks like it just won't work in
>> 3.1.3 for some reason. Sorry for all the trouble. I will look into this
>> a little more.
>
>
> --
> Cooper Nelson
> Network Security Analyst
> UCSD ITS Security Team
> cnelson at ucsd.edu x41042
>
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>



-- 
Regards,
Peter Manev


