]> git.ipfire.org Git - thirdparty/suricata.git/commit
projects / thirdparty / suricata.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2d13df6) | patch
output-json: drop eve records that are too long
authorJason Ish <jason.ish@oisf.net>
Fri, 22 Nov 2024 21:26:49 +0000 (15:26 -0600)
committerVictor Julien <victor@inliniac.net>
Thu, 28 Nov 2024 20:28:30 +0000 (21:28 +0100)
commitd39e42728a5b84d9cefbd4329034064d71c4e268
tree0a78a0efa959e008c10eabb92248643e30d9e8dctree
parent2d13df6872deb3b8c7fce3642403739bb51affa3commit | diff
output-json: drop eve records that are too long

In the situation where the mem buffer cannot be expanded to the
requested size, drop the log message.

For each JSON log context, a warning will be emitted once with a partial
bit of the log record being dropped to identify what event types may be
leading to large log records.

This also fixes the call to MemBufferExpand which is supposed be
passed the amount to expand by, not the new size required.

Ticket: #7300
src/output-json.c diff | blob | blame | history
src/output-json.h diff | blob | blame | history
Mirror of https://github.com/OISF/suricata.git