Snort mailing list archives

Re: snort3: capturing files not work by inspector file


From: "Steven Baigal (sbaigal) via Snort-devel" <snort-devel () lists snort org>
Date: Thu, 12 Nov 2020 14:28:04 +0000

Make sure you have removed the old file (it might have the SHA as its filename). If that does not help, please share your file_id configuration.

From: Snort-devel <snort-devel-bounces () lists snort org> on behalf of Meridoff via Snort-devel <snort-devel () lists snort org>
Reply-To: Meridoff <oagvozd () gmail com>
Date: Wednesday, November 11, 2020 at 9:49 AM
To: "snort-devel () lists snort org" <snort-devel () lists snort org>
Subject: [Snort-devel] snort3: capturing files not work by inspector file

Hello, I cannot capture a file with the inspector file.

I configured everything as in the manual and added debug messages in file_api.

I am using HTTP traffic (non-encrypted).

Here is what I've found by debugging Snort:

1. File recognition by type is OK.
2. Capturing the file is OK, and the function store_file_async() is called.
3. BUT writer_thread is never called and never runs.

I've added LogMessage inside void FileCapture::writer_thread() and I see that it never runs.

Creation of writer_thread is OK: file_storer = new std::thread(writer_thread);

I see that file_storer is not NULL.

But writer_thread does not run, for an unknown reason.

So files can't be dumped and saved to disk due to this problem.

Please help: why does this happen?


