[Oisf-devel] HTTP Log File

Chris Wakelin c.d.wakelin at reading.ac.uk
Fri Jul 8 14:57:31 UTC 2011


I've a patch in https://redmine.openinfosecfoundation.org/issues/38 that
adds more fields to http.log, so at least most of the information you'd
see in a Squid or Apache log is there, just in the wrong order. I'd
think a line or two of awk or perl ought to be able to convert it.

Best Wishes,
Chris

On 08/07/11 15:41, Brant Wells wrote:
> Hey Martin,
> 
> Thanks for the reply!
> 
> I already have the http.log file from Suricata with most of that info.  I
> was just wondering if anybody had built a parser for it, I guess.  It looks
> like httpry is made more for actually sniffing the traffic from the wire --
> am I correct?
> 
> Thanks!
> ~Brant
> 
> 
> 
> On Fri, Jul 8, 2011 at 9:27 AM, Martin Holste <mcholste at gmail.com> wrote:
> 
>> The easiest way to get them into a database would be to run my
>> httpry_logger script:
>>
>> http://code.google.com/p/enterprise-log-search-and-archive/downloads/detail?name=httpry_logger.pl.
>> It has DB output as well as syslog and file outputs and adds GeoIP
>> tags to the URL entries.
>>
>> On Fri, Jul 8, 2011 at 12:15 AM, Brant Wells <bwells at tfc.edu> wrote:
>>> Hi All,
>>> I'm (finally) getting to dive back into getting my Suricata box going,
>>> and I have to say it is much easier now that I've done it a few times, lol.
>>> I have a couple of questions about the http.log file...
>>> 1) Is the output of that file compatible with utilities that analyze logs
>>> from Squid or what-not?
>>> 2) If the answer to #1 is no, then is there already a way to get the
>>> http.log file into a database?
>>> Just thought I'd ask...
>>> See Yas!
>>> ~Brant
>>>
>>>
>>> _______________________________________________
>>> Oisf-devel mailing list
>>> Oisf-devel at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>>>
>>>
>>
> 


-- 
--+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+---+-
Christopher Wakelin,                           c.d.wakelin at reading.ac.uk
IT Services Centre, The University of Reading,  Tel: +44 (0)118 378 2908
Whiteknights, Reading, RG6 6AF, UK              Fax: +44 (0)118 975 3094
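The "line or two of awk" Chris mentions, as an added example that is not code from the Redmine patch or from the Suricata project: a POSIX awk script wrapped in a shell function that reorders one extended http.log record into Apache's vhost_combined LogFormat, which Apache-oriented analysers already understand. The input field layout is an assumption about the patched http.log (timestamp and Host, then URI, User-Agent, Referer, method, protocol, "status => redirect", "N bytes" and "src -> dst", separated by " [**] "); the two sample lines are constructed, and lines that do not carry all nine fields (for example the older short format) are skipped rather than mangled.

```shell
#!/bin/sh
# suri2apache: reorder Suricata 1.x extended http.log fields into Apache
# vhost_combined format ("%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"").
# Assumed input layout (an assumption, one request per line, fields joined by " [**] "):
#   <MM/DD/YYYY-HH:MM:SS.usec> <host> [**] <uri> [**] <user-agent> [**] <referer>
#   [**] <method> [**] <protocol> [**] <status> => <redirect> [**] <n> bytes
#   [**] <src-ip>:<port> -> <dst-ip>:<port>
suri2apache() {
  awk '
    BEGIN {
      FS = " \\[\\*\\*\\] "
      split("Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec", mon, " ")
    }
    # Anything without all nine fields is not an extended record: skip it
    # instead of emitting a half-filled line that would confuse an analyser.
    NF < 9 { next }
    {
      split($1, a, " ")            # a[1] = timestamp, a[2] = Host header
      split(a[1], t, "[/.-]")      # t[1]=MM t[2]=DD t[3]=YYYY t[4]=HH:MM:SS t[5]=usec
      ts = t[2] "/" mon[t[1] + 0] "/" t[3] ":" t[4] " +0000"   # Suricata logs UTC

      uri = $2; ua = $3; ref = $4; method = $5; proto = $6
      split($7, s, " => ")         # s[1] = status code, s[2] = redirect target
      split($8, b, " ")            # b[1] = response body length (stands in for %O)
      split($9, c, " -> ")         # c[1] = client ip:port, c[2] = server ip:port
      src = c[1];   sub(/:[0-9]+$/, "", src)    # strip the client port
      dport = c[2]; sub(/.*:/, "", dport)       # keep only the server port

      # Suricata placeholders become the Apache "-" for an absent header.
      if (ref == "<no referer>") ref = "-"
      if (ua == "<useragent unknown>") ua = "-"
      # Escape embedded double quotes so the output stays parseable.
      gsub(/"/, "\\\\\"", ua); gsub(/"/, "\\\\\"", ref)

      printf "%s:%s %s - - [%s] \"%s %s %s\" %s %s \"%s\" \"%s\"\n",
             a[2], dport, src, ts, method, uri, proto, s[1], b[1], ref, ua
    }'
}

# Constructed sample records: one in the assumed extended layout, one in the
# older short layout that the converter must ignore.
LINE_EXT='07/08/2011-14:57:31.123456 www.example.com [**] /index.html [**] Mozilla/5.0 (X11; Linux i686) [**] <no referer> [**] GET [**] HTTP/1.1 [**] 200 => <no redirect> [**] 1234 bytes [**] 192.168.1.10:54321 -> 93.184.216.34:80'
LINE_SHORT='07/08/2011-14:58:00.000000 www.example.com [**] / [**] curl/7.21 [**] 192.168.1.10:54322 -> 93.184.216.34:80'

# Run both samples through the converter; only the extended line is emitted.
demo() {
  printf '%s\n%s\n' "$LINE_EXT" "$LINE_SHORT" | suri2apache
}

demo
```

Usage against a live file is `suri2apache < /var/log/suricata/http.log`; if the field order in your build differs from the layout assumed above, only the `$N` references in the main block need changing.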
