Has anybody had any issues with their decoder service having issues
after switching to lua parsers? I'm seeing entries in the logs where a
core dump occurs (no space to store the coredump) and the decoder
service restarts. I didn't notice this until ...

Is there any matrix of the new lua parsers and the old parser(s) they
replace? Some of them are obvious, others less so. Anybody have
experience switching over?

I'm trying to get a listing of sessionid and time for specific sessions
where the alias.host matches a specific domain within a set time period.
However, when I use the following it doesn't limit the time period and I
get all of the sessions returned:...

In regards to the packers lua parser, you indicate it replaces the
existing packers parser. Does this include all of the malware_packers_X
parsers and javascript_packers?

I've tried it using that time format as well but it looks like it only
queries based on one field. If I use this
query: /sdk?msg=query&query='select sessionid,time where
time="2012-Dec-03 00:00:01-2012-Dec-04
00:00:01"&&alias.host="domain.com"'&size=100...