[Oisf-users] Error occured in parsing "http" app layer protocol
Victor Julien
victor at inliniac.net
Fri Jul 22 12:03:05 UTC 2011
On 07/22/2011 01:52 PM, Sander Klein wrote:
> On Fri, 22 Jul 2011 13:36:49 +0200, Victor Julien wrote:
>>> It keeps spitting out these messages and it seems that it's not
>>> really
>>> inspecting my http streams.
>>>
>>> My environment is a load balanced webserver cluster with Direct
>>> Server
>>> Return doing about 30Mbit/s of http traffic. But even when testing
>>> with
>>> 5Mbit/s of traffic I get these messages.
>>>
>>> Any ideas why this could happen? I'm pretty new to this so I'm not
>>> sure
>>> which info is needed.
>>
>> Hi Sander, are you able to (privately) share a pcap?
>
> Sure, how long or how big do you want the pcap to be? Any specials
> setting you want me to use?
Ideally as small as possible to reproduce the issue when running the
pcap through suricata.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
More information about the Oisf-users
mailing list