[Oisf-devel] http log entry number is more than the number of ab
Anoop Saldanha
anoopsaldanha at gmail.com
Tue Jul 10 14:41:17 UTC 2012
On Tue, Jul 10, 2012 at 7:06 PM, Victor Julien <victor at inliniac.net> wrote:
> On 07/10/2012 07:08 AM, Delta Yeh wrote:
>> Hi,
>> In my test, I see the number of requests logged is more than the number of ab.
>> The topo is :
>> ab ---- bridge(suricata,debian6) --- www
>> I use ab -c 4 -n 200000 http://192.168.35.111:8079/ to generate http requests.
>>
>> It is expected to get 200000 http log entries but I get 200015.
>> I don't know whether ab sends the additional 15 requests or something is
>> wrong with suricata?
>>
>> The http log config is:
>> - http-log:
>>     enabled: yes
>>     filename: /tmp/accesslog
>>     extended: yes
>>     append: yes
>>     filetype: unix_dgram
>
> Can you test with the regular http.log file output? Make it overwrite
> (append: no) and do a wc -l http.log after the test. Rules out errors in
> the unix_dgram connection.
>
> Also, are you sure you're not seeing some other requests that the host
> makes?
>
> Cheers,
> Victor
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
To add to it, how many requests does the engine show at shutdown (on
the console)?
--
Anoop Saldanha