[Oisf-users] http.log log format

Geert Alberghs alberghs.g at gmail.com
Thu Apr 5 08:14:27 UTC 2012


Hello,

HTTP logging has been enabled in our environment. The purpose is to parse
these logs for URLs up to and including the path (so no query and/or
fragment part). The problem is that in http.log I encounter 2 log formats:

   1. TIMESTAMP HOSTNAME [**] COMPLETE URL [**]
   2. TIMESTAMP HOSTNAME [**] URL without SCHEME&HOSTNAME [**]

In case 1 I only need COMPLETE URL and strip off query and/or fragment.
In case 2 I need to concat "SCHEME", "HOSTNAME" and "URL without
SCHEME&HOSTNAME" and then strip off query and/or fragment.

Is there any logic in why there are 2 different cases? Personally I think
log format 1 is preferable.

Best Regards
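
Added example (not part of the original message and not Suricata project code): one way to reduce both layouts described above to scheme, host and path. The sample lines and the helper names are constructed, and the `http` default scheme for layout 2 is an assumption, since that layout as described carries no scheme.

```python
from urllib.parse import urlsplit

# Constructed sample lines following the two layouts described in the post
# (TIMESTAMP HOSTNAME [**] URL [**]); not taken from a real http.log.
SAMPLE_LINES = [
    "04/05/2012-08:14:27 www.example.com [**] http://www.example.com/a/b.php?id=1#top [**]",
    "04/05/2012-08:14:28 www.example.com [**] /a/b.php?id=2 [**]",
    "04/05/2012-08:14:29 WWW.Example.com [**] /index.html#intro [**]",
    "malformed line without separators",
]

DEFAULT_SCHEME = "http"  # assumption: layout 2 does not record the scheme


def normalize(line, default_scheme=DEFAULT_SCHEME):
    """Return scheme://host/path for one log line, or None if it cannot be parsed."""
    fields = [f.strip() for f in line.split("[**]")]
    if len(fields) < 2:
        return None
    head = fields[0].split()
    if len(head) < 2:          # need at least TIMESTAMP and HOSTNAME
        return None
    hostname, url = head[-1], fields[1]
    parts = urlsplit(url)
    if parts.scheme and parts.netloc:
        # Layout 1: complete URL; urlsplit already separates query and fragment.
        scheme, host, path = parts.scheme, parts.netloc, parts.path
    elif url.startswith("/"):
        # Layout 2: path-only URL; cut the fragment and query by hand so a
        # leading "//" is kept as path and never mistaken for a host.
        path = url.split("#", 1)[0].split("?", 1)[0]
        scheme, host = default_scheme, hostname
    else:
        return None            # e.g. "*" or "host:port" request targets
    return f"{scheme.lower()}://{host.lower()}{path or '/'}"


def unique_urls(lines):
    """Sorted, de-duplicated normalized URLs; unparseable lines are skipped."""
    return sorted({u for u in map(normalize, lines) if u is not None})


if __name__ == "__main__":
    for u in unique_urls(SAMPLE_LINES):
        print(u)
```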