diff options
| author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:39:49 +0000 |
|---|---|---|
| committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-19 17:39:49 +0000 |
| commit | a0aa2307322cd47bbf416810ac0292925e03be87 (patch) | |
| tree | 37076262a026c4b48c8a0e84f44ff9187556ca35 /doc/userguide/file-extraction/config-update.rst | |
| parent | Initial commit. (diff) | |
| download | suricata-3c02481111c540a7642503dfcf0b62e8c69b6ff0.tar.xz suricata-3c02481111c540a7642503dfcf0b62e8c69b6ff0.zip | |
Adding upstream version 1:7.0.3.upstream/1%7.0.3
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'doc/userguide/file-extraction/config-update.rst')
| -rw-r--r-- | doc/userguide/file-extraction/config-update.rst | 41 |
1 files changed, 41 insertions, 0 deletions
diff --git a/doc/userguide/file-extraction/config-update.rst b/doc/userguide/file-extraction/config-update.rst new file mode 100644 index 0000000..5035ac8 --- /dev/null +++ b/doc/userguide/file-extraction/config-update.rst @@ -0,0 +1,41 @@ +.. _filestore-update-v1-to-v2: + +Update File-store v1 Configuration to V2 +======================================== + +Given a file-store configuration like:: + + - file-store: + enabled: yes # set to yes to enable + log-dir: files # directory to store the files + force-magic: no # force logging magic on all stored files + force-hash: [md5] # force logging of md5 checksums + force-filestore: no # force storing of all files + stream-depth: 1mb # reassemble 1mb into a stream, set to no to disable + waldo: file.waldo # waldo file to store the file_id across runs + max-open-files: 0 # how many files to keep open (O means none) + write-meta: yes # write a .meta file if set to yes + include-pid: yes # include the pid in filenames if set to yes. + +The following changes will need to be made to convert to a v2 style configuration: + +* The ``version`` field must be set to 2. +* The ``log-dir`` field should be renamed to ``dir``. It is recommended to use a new directory instead of an existing v1 directory. +* Remove the ``waldo`` option. It is no longer used. +* Remove the ``write-meta`` option. +* Optionally set ``write-fileinfo`` to enable writing of a metadata file along side the extracted file. Not that this option is disabled by default as a ``fileinfo`` event can be written to the Eve log file. +* Remove the ``include-pid`` option. There is no equivalent to this option in file-store v2. + +Example converted configuration:: + + - file-store: + version: 2 + enabled: yes + dir: filestore + force-hash: [md5] + file-filestore: no + stream-depth: 1mb + max-open-files: 0 + write-fileinfo: yes + +Refer to the :ref:`File Extraction` section of the manual for information about the format of the file-store directory for file-store v2. |