Hello,<div><br></div><div>While checking the suricata http.log I noticed that every time a url contains a hostname followed by a port number, a <hostname unknown> message appears. Could this be a parsing problem? (probably due to ":" between hostname and portnumber)</div>
<div><br></div><div>examples:</div><div><br></div><div>04/05/2012-09:54:36.796167 <hostname unknown> [**] <a href="http://search.twitter.com:443">search.twitter.com:443</a> [**] Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.34 (KHTML, like Gecko) TweetDeck Safari/534.34 [**] <a href="http://10.0.1.27:50746">10.0.1.27:50746</a> -> <a href="http://10.0.1.254:8080">10.0.1.254:8080</a></div>
<div><br></div><div>04/05/2012-09:54:37.206330 <hostname unknown> [**] I\x00H}\xE2\xD6Q2\xE8 [**] <useragent unknown> [**] <a href="http://10.0.1.62:62326">10.0.1.62:62326</a> -> <a href="http://10.0.1.254:8080">10.0.1.254:8080</a></div>
<div><br></div><div>04/05/2012-09:54:37.206330 <hostname unknown> [**] [**] <useragent unknown> [**] <a href="http://10.0.1.62:62326">10.0.1.62:62326</a> -> <a href="http://10.0.1.254:8080">10.0.1.254:8080</a></div>
<div><br></div><div>Best Regards</div>