::
- file-store:
- enabled: yes # set to yes to enable
- log-dir: files # directory to store the files
- force-magic: no # force logging magic on all stored files
- force-hash: [md5] # force logging of md5 checksums
- stream-depth: 1mb # reassemble 1mb into a stream, set to no to disable
- waldo: file.waldo # waldo file to store the file_id across runs
- max-open-files: 0 # how many files to keep open (O means none)
- write-meta: yes # write a .meta file if set to yes
- include-pid: yes # include the pid in filenames if set to yes.
+ enabled: yes # set to yes to enable
+ log-dir: files # directory to store the files
+ force-magic: no # force logging magic on all stored files
+ force-hash: [md5] # force logging of md5 checksums
+ force-filestore: no # force storing of all files
+ stream-depth: 1mb # reassemble 1mb into a stream, set to no to disable
+ waldo: file.waldo # waldo file to store the file_id across runs
+ max-open-files: 0 # how many files to keep open (O means none)
+ write-meta: yes # write a .meta file if set to yes
+ include-pid: yes # include the pid in filenames if set to yes.
Each file that is stored will have a name "file.<id>". The id will be reset and files will be overwritten unless the waldo option is used. A "file.<id>.meta" file is generated containing file metadata if write-meta is set to yes (default). If the include-pid option is set, the files will instead have a name "file.<pid>.<id>", and metafiles will be "file.<pid>.<id>.meta". Files will additionally have the suffix ".tmp" while they are open, which is only removed when they are finalized.
projects / thirdparty / suricata.git / commitdiff
