drakvuf-sandbox

compress parsed logs (e.g. syscall.log)

Open icedevml opened this issue 4 years ago • 3 comments

Right now we could end up with a syscall.log containing ~500 MB of data for some analyses. This is JSON text, which could be gzipped to about 26 MB.

I think we should start gzipping this to avoid huge transfers between drakrun and the S3 server.

/cc @BonusPlay @chivay @kscieslinski

icedevml avatar Oct 23 '20 13:10 icedevml

Right now syscall.log, sysret.log and regmon.log are the (only?) ones to generate huge outputs.

icedevml avatar Oct 23 '20 13:10 icedevml

IMO this should be handled by Minio, both during transmission and for storage.

chivay avatar Oct 26 '20 11:10 chivay

hmm https://docs.min.io/docs/minio-compression-guide.html

icedevml avatar Oct 26 '20 11:10 icedevml