[Oisf-devel] [PATCH] Added request length to custom HTTP logging

Vincent Fang vincent.y.fang at gmail.com
Thu May 30 15:16:06 UTC 2013


Sorry for the late response. For the request length, I think I copied Matt's
code and put it in here to include the request length. I don't remember
doing a patch or merge at the time. Sorry for forgetting to mention credit
so please replace my name with his for the request length portion.

Vince


On Mon, May 27, 2013 at 2:33 PM, I. Sanchez <sanchezmartin.ji at gmail.com> wrote:

> I received the code from Vincent Fang in a pull request to my repo.
>
> https://github.com/owlsec/suricata/pull/1
>
> so I mentioned vinfang as the source for the patch in the PR
>
>   "Added %b for request size (vinfang patch)"
>
> I don't know if Vincent Fang implemented it himself (3 lines) or took it
> from Mat's patch, but it implements the same functionality; this is why I
> mentioned it was included in the PR #377
>
> Cheers,
>
>   Ignacio
>
>
> On Mon, May 27, 2013 at 3:22 PM, Victor Julien <victor at inliniac.net> wrote:
>
>> On 05/26/2013 12:03 PM, I. Sanchez wrote:
>> > Hi,
>> >
>> > The patch is included in the Pull Request 377 regarding feature #602
>> >
>> > https://github.com/inliniac/suricata/pull/377
>> > https://redmine.openinfosecfoundation.org/issues/602
>>
>> I don't see Mathew's commit in the PR, how did you merge it?
>>
>> Or did you mean that you already implemented the same thing yourself?
>>
>> Cheers,
>> Victor
>>
>> >
>> > Cheers,
>> >
>> >   Ignacio
>> >
>> >
>> >
>> >
>> > On Sun, May 26, 2013 at 6:26 AM, <mathewm at sdf.lonestar.org> wrote:
>> >
>> >     On Thu, 28 Mar 2013 10:37:10 +0100, Victor Julien
>> >     <victor at inliniac.net> wrote:
>> >
>> >         On 03/23/2013 10:46 AM, mathewm at sdf.lonestar.org wrote:
>> >
>> >             Added request length to custom HTTP logging
>> >
>> >             Custom HTTP logging currently provides access to the HTTP
>> >             response length (via %B in the custom log format string),
>> >             but not the request length. The request length can be very
>> >             valuable.
>> >
>> >             I've modified log-httplog.c to provide access to libhtp's
>> >             request_message_len, via %b in the custom log format.
>> >
>> >
>> >         Interesting addition. Was going to apply it, but my git rejects
>> >         it. Can you retry sending it against the current master, or
>> >         attach a "git format-patch -1" file? A github pr works as well.
>> >
>> >         Cheers,
>> >         Victor
>> >
>> >
>> >     Sorry for the delay, I need to pay more attention to my email!
>> >
>> >     A corrected patch file is attached, which I managed to successfully
>> >     test locally so with any luck this one will be OK.
>> >
>> >     Cheers
>> >
>> >     Mat
>> >     _______________________________________________
>> >     Suricata IDS Devel mailing list:
>> >     oisf-devel at openinfosecfoundation.org
>> >     <mailto:oisf-devel at openinfosecfoundation.org>
>> >     Site: http://suricata-ids.org | Participate:
>> >     http://suricata-ids.org/participate/
>> >     List:
>> >     https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-devel
>> >     Redmine: https://redmine.openinfosecfoundation.org/
>> >
>> >
>> >
>> >
>> >
>>
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>>
>
>
>