suricata

Suricata is a network Intrusion Detection System, Intrusion Prevention System and Network Security Monitoring engine developed by the OISF and the Suricata community.

cybersecurity ids intrusion-detection-system intrusion-prevention-system ips network-monitor network-monitoring nsm security suricata threat-hunting

You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

Go to file

Ken Steele 2feb37c155 Cache time conversions for localtime() and CreateTimeString() When converting a time in seconds (64-bit seconds since 1970) to Month/Day/Year hours minutes, Suricata calls localtime_r(), which always aquires a lock and then does complex comutation based on the current time zone. The time zone can be specified in the TZ environment variable, which is only parsed the first time it is used, or from a file. The default file is /etc/localtime. The file is checked each time to see if it might have changed and is reparsed if it has changed. The GLIBC library has a lock inside localtime_r(), which limits parallelism, which is a problem when the rate of generating alerts is high, since Suricata generates a new ascii time string for each alert into fast.log. This change caches the value returned by localtime_t() and then sets the seconds within the minute based on the cached start-of-minute time. All of the values return, expect for the seconds, is constant within the same minute. Switching to a new seconds could change all the other values, year, month, day, hour. The cache stores the current and previous minute values. The same trick is used in CreateTimeString() for generated time string. The string, up to the minutes, is cached and then copied into the result string, followed by printing the new seconds into the result string. The seconds within a minute are calculated as the difference in seconds from the start of the current minute.		12 years ago
benches	…
contrib	Add one shot run option to suri-graphite.	13 years ago
doc	Update docs from wiki	13 years ago
m4	…
qa	coccinelle: dynamic testing through make check	13 years ago
rules	vlan: add rule for new 'too many layers' event	13 years ago
scripts	suricatasc: fix make distcheck.	13 years ago
src	Cache time conversions for localtime() and CreateTimeString()	12 years ago
.gitignore	unittest: make check use a qa/log dir for logging	13 years ago
COPYING	…
ChangeLog	Update changelog for 2.0beta1	13 years ago
LICENSE	…
Makefile.am	autotools: workaround on partial cleaning	13 years ago
Makefile.cvs	…
acsite.m4	…
autogen.sh	OpenBSD 5.2 build fixes, Unit test fix.	13 years ago
classification.config	…
config.rpath	Add file needed for some autotools version.	13 years ago
configure.ac	Fix typo in configure.ac echo message	13 years ago
doxygen.cfg	Adding an updated doxygen config file, because the old one was created a couple major versions ago.	13 years ago
mkinstalldirs	…
reference.config	…
suricata.yaml.in	Add TILE-Gx mPIPE packet processing support.	13 years ago
threshold.config	threshold: improve comments of shipped threshold.config, add links to wiki.	13 years ago