[Oisf-devel] suricata fail to produce http log after copy to another host
Delta Yeh
delta.yeh at gmail.com
Wed Sep 7 14:06:41 UTC 2011
I test pcap live mode with cmd "./suricata -c /etc/suricata/suricata.yaml -i eth0"
I use apache ab in the same box (in both squeeze boxes) with suricata
to test http log.
I run tcpdump on the same interface, and there is http traffic.
I also use wget to confirm that the http request is successful.
According to the suricata stats.log, it did handle some tcp traffic, but
there is no http log.
I set debug level to info and enable console output; there are no
error/warning outputs.
BTW, there is no IDS rule loaded for all the tests, so only test http
log feature.
In the debian squeeze box A where suricata is compiled from source,
everything is OK,
but no http log in debian squeeze box B.
I copied some necessary libraries from A to B to make suricata run
successfully in B.
2011/9/7 rmkml <rmkml at yahoo.fr>:
> Hi Delta,
> Can you explain a little bit more?
> Maybe it's a network level pb? (not suricata)
> If you sniff traffic with tcpdump or the like, do you see packets?
> Is the CPU usage of Suricata on the new box not zero?
> What is your suricata cmd line? output?
> Regards
> Rmkml
>
>
> On Wed, 7 Sep 2011, Delta Yeh wrote:
>
>> Hi,
>> I compiled suricata (git HEAD) in one debian squeeze box, it can log
>> http as expected.
>> But if I copy suricata and the
>> libraries (libhtp, libcap-ng, libnet, libyaml) to a new squeeze box,
>> there is no http log any more.
>> The config is the same.
>> Does anyone run into this before?
>