[Oisf-devel] http log entry number is more than the number of ab
Victor Julien
victor at inliniac.net
Tue Jul 10 13:36:19 UTC 2012
On 07/10/2012 07:08 AM, Delta Yeh wrote:
> Hi,
> In my test, I see the number of request logged is more than the number of ab.
> The topo is :
> ab ---- bridge(suricata,debian6) --- www
> I use ab -c 4 -n 200000 http://192.168.35.111:8079/ to generate http requests.
>
> It is expected to get 200000 http log entry but I get 200015.
> I don't know wether ab send the additional 15 requests or someting
> wrong with suricata?
>
> The http log config is:
> - http-log:
> enabled: yes
> filename: /tmp/accesslog
> extended: yes
> append: yes
> filetype: unix_dgram
Can you test with the regular http.log file output? Make it overwrite
(append: no) and do a wc -l http.log after the test. Rules out errors in
the unix_dgram connection.
Also, are you sure you're not seeing some other requests that the host
makes?
Cheers,
Victor
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-devel
mailing list