<div>Hi Peter,</div>
<div> </div>
<div>Is there any way that you could compare the two logs by way of scripting/bashing - if Suri and httpry are running at the same time (maybe just a 10 min time span)?</div>
<div> </div>
<div>thanks<br><br></div>
<div class="gmail_quote">On Fri, Mar 30, 2012 at 3:04 PM, Peter Bates <span dir="ltr"><<a href="mailto:peter.bates@ucl.ac.uk">peter.bates@ucl.ac.uk</a>></span> wrote:<br>
<blockquote style="BORDER-LEFT:#ccc 1px solid;MARGIN:0px 0px 0px 0.8ex;PADDING-LEFT:1ex" class="gmail_quote">
Hello again all<br>
<div class="im"><br>On 29/03/2012 15:14, Victor Julien wrote:<br>>> I'm trying to avoid just using logrotate to move the file and<br>>> then restarting Suricata to pick up the change - if at all<br>>> possible.<br>
><br>> You can use the trick described here:<br>> <a href="https://redmine.openinfosecfoundation.org/issues/265#note-4" target="_blank">https://redmine.openinfosecfoundation.org/issues/265#note-4</a><br><br></div>
Thanks for the advice - and also Martin's suggestion that syslog<br>support for http-log might be useful.<br><br>I've been running httpry up until recently - and generally manage a<br>logfile from that of around 700-800Mb an hour, dropping to 200-300Mb<br>
at quiet times.<br><br>Just testing with the Suricata http-log I've ended up with a 7Mb<br>logfile from 1pm-2pm (BST).<br><br>Httpry does also log the HTTP responses so you could argue the log<br>should be double the size - but there seems a big difference here<br>
between the two.<br>
<div class="im"><br>- --<br>Peter Bates<br>Senior Computer Security Officer    Phone: <a href="tel:%2B44%280%292076792049" value="+442076792049">+44(0)2076792049</a><br>Information Services Division       Internal Ext: 32049<br>
University College London<br>London WC1E 6BT<br></div>
</blockquote></div><br><br clear="all"><br>
-- <br>
<div>Regards,</div>
<div>Peter Manev</div><br>