[Oisf-users] Suricata Flow - Logging of intermediate states
Jason Ish
jason.ish at oisf.net
Wed Nov 6 02:49:49 UTC 2019
Hello Christoph,
On 2019-10-16 2:35 a.m., cyberdi at mailbox.org wrote:
> Hi,
>
> I am using suricata flows to watch out for long lasting sessions.
> As far as I know suricata is logging the flow details after the session
> was closed or timed out.
> https://suricata.readthedocs.io/en/suricata-5.0.0/configuration/suricata-yaml.html#flow-time-outs
>
>
> Is there a possibility to configure suricata to write down also
> intermediate flow states to the eve.json file?
> For example bringing suricata to log all flow states every hour to
> eve.json?
We do have an open ticket for this feature:
https://redmine.openinfosecfoundation.org/issues/2301
Development-wise I do not believe it will be that difficult. The issue is
more around how these intermediate states should be logged. If you have
any thoughts, please add them to the ticket.
Thanks,
Jason
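Since Suricata only emits a flow record once the session has closed or timed out, the practical way to spot long-lived sessions today is to post-process those end-of-flow records. The following script is an added example for this thread, not code from the original message, from Suricata or from the referenced ticket. It assumes the documented eve.json flow event layout (top-level `event_type`, `src_ip`, `dest_ip`, `proto`, and a `flow` object with `start`, `end`, `age`, `state` and `reason`); the sample lines are constructed for the example and are not real captures.

```python
import json
from datetime import datetime

# Constructed sample eve.json lines (not real Suricata output). Field names
# follow Suricata's flow event layout; the values are made up.
SAMPLE_EVE_LINES = [
    '{"timestamp":"2019-10-16T03:00:05.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"203.0.113.7","dest_port":443,'
    '"proto":"TCP","flow":{"pkts_toserver":10,"pkts_toclient":12,'
    '"bytes_toserver":1200,"bytes_toclient":3400,'
    '"start":"2019-10-16T02:59:00.000000+0000","end":"2019-10-16T03:00:05.000000+0000",'
    '"age":65,"state":"closed","reason":"timeout"}}',
    '{"timestamp":"2019-10-16T09:30:00.000000+0000","event_type":"flow",'
    '"src_ip":"10.0.0.9","src_port":40001,"dest_ip":"198.51.100.2","dest_port":22,'
    '"proto":"TCP","flow":{"pkts_toserver":5000,"pkts_toclient":4800,'
    '"bytes_toserver":500000,"bytes_toclient":480000,'
    '"start":"2019-10-16T02:00:00.000000+0000","end":"2019-10-16T09:30:00.000000+0000",'
    '"age":27000,"state":"closed","reason":"shutdown"}}',
    # A non-flow event, included to show that other event types are skipped.
    '{"timestamp":"2019-10-16T03:01:00.000000+0000","event_type":"alert",'
    '"src_ip":"10.0.0.5","dest_ip":"203.0.113.7"}',
]

# Suricata writes timestamps as e.g. 2019-10-16T02:59:00.000000+0000.
EVE_TIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%f%z"


def parse_eve_time(value):
    """Parse an eve.json timestamp string into an aware datetime."""
    return datetime.strptime(value, EVE_TIME_FORMAT)


def iter_flow_events(lines):
    """Yield parsed flow events, skipping other event types and bad JSON."""
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        if event.get("event_type") == "flow":
            yield event


def flow_duration_seconds(event):
    """Return the flow's lifetime in seconds.

    Prefers end - start; falls back to the 'age' field when either is absent.
    """
    flow = event.get("flow", {})
    start, end = flow.get("start"), flow.get("end")
    if start and end:
        return (parse_eve_time(end) - parse_eve_time(start)).total_seconds()
    return float(flow.get("age", 0))


def long_flows(lines, threshold_seconds):
    """Return summaries of flows that lasted at least threshold_seconds."""
    found = []
    for event in iter_flow_events(lines):
        duration = flow_duration_seconds(event)
        if duration >= threshold_seconds:
            flow = event["flow"]
            found.append({
                "src": f'{event.get("src_ip")}:{event.get("src_port")}',
                "dest": f'{event.get("dest_ip")}:{event.get("dest_port")}',
                "proto": event.get("proto"),
                "duration_seconds": duration,
                "state": flow.get("state"),
                "reason": flow.get("reason"),
            })
    return found


if __name__ == "__main__":
    # Flag anything that lived for an hour or more.
    for summary in long_flows(SAMPLE_EVE_LINES, 3600):
        print(summary)
```

Run it against a real file with `long_flows(open("eve.json"), 3600)`; because the record only appears at close or timeout, a session that is still open will not be reported until the relevant flow timeout from the suricata.yaml `flow-timeouts` section has elapsed, which is exactly the gap the ticket above is about.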