Hey Martin,<div><br></div><div>Thanks for the reply!</div><div><br></div><div>I already have the http.log file from Suricata with most of that info. I was just wondering if anybody had built a parser for it, I guess. It looks like httpry is made more for actually sniffing the traffic from the wire -- am I correct?</div>
<div><br></div><div>Thanks!<br>~Brant</div><div><br></div><div><br></div><div><br><div class="gmail_quote">On Fri, Jul 8, 2011 at 9:27 AM, Martin Holste <span dir="ltr"><<a href="mailto:mcholste@gmail.com">mcholste@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">The easiest way to get them into a database would be to run my<br>
httpry_logger script:<br>
<a href="http://code.google.com/p/enterprise-log-search-and-archive/downloads/detail?name=httpry_logger.pl" target="_blank">http://code.google.com/p/enterprise-log-search-and-archive/downloads/detail?name=httpry_logger.pl</a><br>
. It has DB output as well as syslog and file outputs and adds GeoIP<br>
tags to the URL entries.<br>
<div><div></div><div class="h5"><br>
On Fri, Jul 8, 2011 at 12:15 AM, Brant Wells <<a href="mailto:bwells@tfc.edu">bwells@tfc.edu</a>> wrote:<br>
> Hi All,<br>
> I'm (finally) getting to dive back into getting my Suricata box going, and I<br>
> have to say it is much easier now that I've done it a few times, lol.<br>
> I have a couple of questions about the http.log file...<br>
> 1) Is the output of that file compatible with utilities that analyze logs<br>
> from Squid or what-not?<br>
> 2) If the answer to #1 is no, then is there already a way to get the<br>
> http.log file into a database?<br>
> Just thought I'd ask...<br>
> See Yas!<br>
> ~Brant<br>
><br>
><br>
</div></div>> _______________________________________________<br>
> Oisf-devel mailing list<br>
> <a href="mailto:Oisf-devel@openinfosecfoundation.org">Oisf-devel@openinfosecfoundation.org</a><br>
> <a href="http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel" target="_blank">http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel</a><br>
><br>
><br>
</blockquote></div><br></div>