<div dir="ltr"><span style="font-family:arial,sans-serif;font-size:13px">for this specific sensor, my CPU usage is about 98% all the time (I am working on replacing the sensor). but should no http logging be explained by not having cpu resources? </span><span style="font-family:arial,sans-serif;font-size:13px">I am not sure if this has anything to do with it but my http.memuse and http/memcap are all 0s.</span><div class="">
</div><div class=""></div><div class=""></div><div id=":4g1" tabindex="-1"></div><div id=":4h1" class="" style="font-size:13px"><div id=":4fz" class="" style="overflow:hidden"><div dir="ltr"><div class="" style="font-family:arial,sans-serif">
</div></div></div></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px">any ideas on how to troubleshoot this issue? are there any indicators for libhtp usage in the stats other than memcap/memuse?</span></div>
<div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div><div><span style="font-family:arial,sans-serif;font-size:13px"><br></span></div></div><div class="gmail_extra"><br><br><div class="gmail_quote">
On Tue, May 13, 2014 at 5:59 AM, Victor Julien <span dir="ltr"><<a href="mailto:lists@inliniac.net" target="_blank">lists@inliniac.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Please keep the conversation on the list.<br>
<div class=""><br>
On 05/12/2014 09:21 PM, Adnan Baykal wrote:<br>
> Ok - this fixed the issue on one sensor but not the second one :( I<br>
> still have one sensor with no http logging. but this sensor is heavily<br>
> loaded. would that impact this feature?<br>
<br>
</div>Yes, certainly. If we can't track the http session properly, we can't<br>
log it either.<br>
<div class="HOEnZb"><div class="h5"><br>
--<br>
---------------------------------------------<br>
Victor Julien<br>
<a href="http://www.inliniac.net/" target="_blank">http://www.inliniac.net/</a><br>
PGP: <a href="http://www.inliniac.net/victorjulien.asc" target="_blank">http://www.inliniac.net/victorjulien.asc</a><br>
---------------------------------------------<br>
<br>
_______________________________________________<br>
Suricata IDS Users mailing list: <a href="mailto:oisf-users@openinfosecfoundation.org">oisf-users@openinfosecfoundation.org</a><br>
Site: <a href="http://suricata-ids.org" target="_blank">http://suricata-ids.org</a> | Support: <a href="http://suricata-ids.org/support/" target="_blank">http://suricata-ids.org/support/</a><br>
List: <a href="https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users" target="_blank">https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users</a><br>
OISF: <a href="http://www.openinfosecfoundation.org/" target="_blank">http://www.openinfosecfoundation.org/</a><br>
</div></div></blockquote></div><br></div>