aiden
/
suricata
mirror of https://github.com/OISF/suricata
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

filestore: add option to disable meta file writing

Browse Source 
As the fileinfo entry is containing the file_id it is enough to
have this entry to link the extracted file with metadata.
pull/2752/head
Eric Leblond 9 years ago committed by Victor Julien
parent 098aced714
commit 54718b306e
3 changed files with 28 additions and 1 deletions
Show Stats Download Patch File Download Diff File

26
src/log-filestore.c
Unescape Escape View File

@ -168,7 +168,24 @@ static void LogFilestoreMetaGetSmtp(FILE *fp, const Packet *p, const File *ff)
} }
} }
/** \brief switch to write meta file
*/
static int g_file_write_meta = 1;
static void FileWriteMetaDisable(void)
{
g_file_write_meta = 0;
}
static int FileWriteMeta(void)
{
return g_file_write_meta;
}
static void LogFilestoreLogCreateMetaFile(const Packet *p, const File *ff, char *filename, int ipver) { static void LogFilestoreLogCreateMetaFile(const Packet *p, const File *ff, char *filename, int ipver) {
if (!FileWriteMeta())
return;
char metafilename[PATH_MAX] = ""; char metafilename[PATH_MAX] = "";
snprintf(metafilename, sizeof(metafilename), "%s.meta", filename); snprintf(metafilename, sizeof(metafilename), "%s.meta", filename);
FILE *fp = fopen(metafilename, "w+"); FILE *fp = fopen(metafilename, "w+");
@ -241,6 +258,9 @@ static void LogFilestoreLogCreateMetaFile(const Packet *p, const File *ff, char
static void LogFilestoreLogCloseMetaFile(const File *ff) static void LogFilestoreLogCloseMetaFile(const File *ff)
{ {
if (!FileWriteMeta())
return;
char filename[PATH_MAX] = ""; char filename[PATH_MAX] = "";
snprintf(filename, sizeof(filename), "%s/file.%u", snprintf(filename, sizeof(filename), "%s/file.%u",
g_logfile_base_dir, ff->file_store_id); g_logfile_base_dir, ff->file_store_id);
@ -484,6 +504,12 @@ static OutputCtx *LogFilestoreLogInitCtx(ConfNode *conf)
SCLogInfo("forcing magic lookup for stored files"); SCLogInfo("forcing magic lookup for stored files");
} }
const char *write_meta = ConfNodeLookupChildValue(conf, "write-meta");
if (write_meta != NULL && !ConfValIsTrue(write_meta)) {
FileWriteMetaDisable();
SCLogInfo("File-store output will not write meta files");
}
FileForceHashParseCfg(conf); FileForceHashParseCfg(conf);
SCLogInfo("storing files in %s", g_logfile_base_dir); SCLogInfo("storing files in %s", g_logfile_base_dir);

1
src/util-file.c
Unescape Escape View File

@ -149,7 +149,6 @@ void FileForceTrackingEnable(void)
g_file_force_tracking = 1; g_file_force_tracking = 1;
} }
/** /**
* \brief Function to parse forced file hashing configuration. * \brief Function to parse forced file hashing configuration.
*/ */

2
suricata.yaml.in
Unescape Escape View File

@ -440,6 +440,8 @@ outputs:
# perform file extraction. Set to 0 for unlimited. # perform file extraction. Set to 0 for unlimited.
#stream-depth: 0 #stream-depth: 0
#waldo: file.waldo # waldo file to store the file_id across runs #waldo: file.waldo # waldo file to store the file_id across runs
# uncomment to disable meta file writing
#write-meta: no
# output module to log files tracked in a easily parsable json format # output module to log files tracked in a easily parsable json format
- file-log: - file-log:

Write Preview
Loading…
Cancel
Save