<br><br><div class="gmail_quote">On Fri, Feb 8, 2013 at 7:43 PM, Vincent Fang <span dir="ltr"><<a href="mailto:vincent.y.fang@gmail.com" target="_blank">vincent.y.fang@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
<div dir="ltr">I'm examining the http.log and the configuration in the suricata.yaml and I'm noticing it's only showing requests coming from the client side but no http responses from the server being requested or http requests from external to my internal network. Is there a configuration setting that changes this?<div>
<br></div><div>I'm using a custom logging format where it shows the source ip and source port -> destination ip destination port like so for http-log in the suricata.yaml:</div><div><br></div><div>
<br></div><div>customformat: %a %p -> %A %P</div><div><br></div><div><br></div><div>Vince</div></div>
<br>_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br></blockquote></div><br>Hi Vince,<br><br>works fine for me....:<br><br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">
192.168.1.131 40285 -> 8.27.131.126 80<br>192.168.1.131 37783 -> 157.166.255.115 80<br>192.168.1.131 40286 -> 8.27.131.126 80<br>192.168.1.131 60343 -> 70.33.205.133 80<br>192.168.1.131 43553 -> 209.84.11.254 80<br>
192.168.1.131 43529 -> 209.84.11.254 80<br>192.168.1.131 43532 -> 209.84.11.254 80<br>192.168.1.131 60342 -> 70.33.205.133 80<br>192.168.1.131 42182 -> 66.235.142.3 80<br>192.168.1.131 56043 -> 138.108.6.20 80<br>
</blockquote>....<br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote">192.168.1.71 16319 -> 192.168.1.131 80<br>192.168.1.71 16319 -> 192.168.1.131 80<br>
</blockquote><br><br>this is my config line:<br><blockquote style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex" class="gmail_quote"> - http-log:<br> enabled: yes<br> filename: http.log<br>
append: yes<br> #extended: yes # enable this for extended logging information<br> #filetype: regular # 'regular', 'unix_stream' or 'unix_dgram'<br> custom: yes <br> customformat: "%a %p -> %A %P"<br>
</blockquote><br>Suricata 1.4<br><br>But then again .. i am not sure what your set up exactly is (network wise).<br>Are all the log lines with http requests " out -> in " are missing ? and is it just them that are missing?<br>
<br>Thanks<br clear="all"><br>-- <br><div>Regards,</div>
<div>Peter Manev</div>