filestore: add option to disable meta file writing

As the fileinfo entry is containing the file_id it is enough to
have this entry to link the extracted file with metadata.

diff --git a/src/log-filestore.c b/src/log-filestore.c
index 448b3ee3e49253da4817af2050e3e1fb3ff3702a..90e6cd7f465fa7e560e1aa296f5a91d773d225e2 100644 (file)
--- a/src/log-filestore.c
+++ b/src/log-filestore.c
@@ -168,7 +168,24 @@ static void LogFilestoreMetaGetSmtp(FILE *fp, const Packet *p, const File *ff)
     }
 }
 
+/** \brief switch to write meta file
+ */
+static int g_file_write_meta = 1;
+
+static void FileWriteMetaDisable(void)
+{
+    g_file_write_meta = 0;
+}
+
+static int FileWriteMeta(void)
+{
+    return g_file_write_meta;
+}
+
 static void LogFilestoreLogCreateMetaFile(const Packet *p, const File *ff, char *filename, int ipver) {
+    if (!FileWriteMeta())
+        return;
+
     char metafilename[PATH_MAX] = "";
     snprintf(metafilename, sizeof(metafilename), "%s.meta", filename);
     FILE *fp = fopen(metafilename, "w+");
@@ -241,6 +258,9 @@ static void LogFilestoreLogCreateMetaFile(const Packet *p, const File *ff, char
 
 static void LogFilestoreLogCloseMetaFile(const File *ff)
 {
+    if (!FileWriteMeta())
+        return;
+
     char filename[PATH_MAX] = "";
     snprintf(filename, sizeof(filename), "%s/file.%u",
             g_logfile_base_dir, ff->file_store_id);
@@ -484,6 +504,12 @@ static OutputCtx *LogFilestoreLogInitCtx(ConfNode *conf)
         SCLogInfo("forcing magic lookup for stored files");
     }
 
+    const char *write_meta = ConfNodeLookupChildValue(conf, "write-meta");
+    if (write_meta != NULL && !ConfValIsTrue(write_meta)) {
+        FileWriteMetaDisable();
+        SCLogInfo("File-store output will not write meta files");
+    }
+
     FileForceHashParseCfg(conf);
     SCLogInfo("storing files in %s", g_logfile_base_dir);
 

diff --git a/src/util-file.c b/src/util-file.c
index 0fb6da10df15e608903c93400d720613f49027ca..86dd8df2674cb056d01551ba38bc97d88dbce584 100644 (file)
--- a/src/util-file.c
+++ b/src/util-file.c
@@ -149,7 +149,6 @@ void FileForceTrackingEnable(void)
     g_file_force_tracking = 1;
 }
 
-
 /**
  * \brief Function to parse forced file hashing configuration.
  */

diff --git a/suricata.yaml.in b/suricata.yaml.in
index 4e873844084a9eb722f3f6247145411444b31396..d0462f70797a6472dd37df7a13c3f1105aafc9a7 100644 (file)
--- a/suricata.yaml.in
+++ b/suricata.yaml.in
@@ -440,6 +440,8 @@ outputs:
       # perform file extraction. Set to 0 for unlimited.
       #stream-depth: 0
       #waldo: file.waldo # waldo file to store the file_id across runs
+      # uncomment to disable meta file writing
+      #write-meta: no
 
   # output module to log files tracked in a easily parsable json format
   - file-log: