FuzzySecurity
commented
5 years ago Thank you for the report, I will get a fix for this in the next release :thumbsup:
Closed ion-storm closed 5 years ago
FuzzySecurity
commented
5 years ago Thank you for the report, I will get a fix for this in the next release :thumbsup:
FuzzySecurity
commented
5 years ago That was a good call and it is fixed now in v0.8. I played around with splitting up the event into multiple events but I decided against it in the end as it is programmatically difficult to do. You would need to parse the xml, detect long length and then generate a new event with the same xml elements but the rest of the data (you may also need to do this multiple times). Another consideration is that you may have a 10mb event which is taking up 10% of your log.
In the end I decided to cap event data elements to a length on 10k characters, anything after that is dropped.
SilkService is crashing and will not continue logging as it is hitting some limit with large script blocks. DNS logging and other sources appear fine as the amount of data is not as large.