[Oisf-users] http.log <hostname unknown>

Geert Alberghs alberghs.g at gmail.com
Thu Apr 5 08:26:52 UTC 2012


Hello,

While checking the Suricata http.log I noticed that every time a URL
contains a hostname followed by a port number, a <hostname unknown> message
appears. Could this be a parsing problem? (Probably due to the ":" between
hostname and port number.)

Examples:

04/05/2012-09:54:36.796167 <hostname unknown> [**]
search.twitter.com:443[**] Mozilla/5.0 (Windows NT 6.1)
AppleWebKit/534.34 (KHTML, like Gecko)
TweetDeck Safari/534.34 [**] 10.0.1.27:50746 -> 10.0.1.254:8080

04/05/2012-09:54:37.206330 <hostname unknown> [**] I\x00H}\xE2\xD6Q2\xE8
[**] <useragent unknown> [**] 10.0.1.62:62326 -> 10.0.1.254:8080

04/05/2012-09:54:37.206330 <hostname unknown> [**]  [**] <useragent
unknown> [**] 10.0.1.62:62326 -> 10.0.1.254:8080

Best Regards
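
Added example, not part of the original post and not Suricata code: a small triage script for http.log records in the layout shown above, which lists every <hostname unknown> entry and classifies its URI field as host:port, escaped binary, or empty. The function names and the last (normal) sample line are constructed for illustration; the first three sample lines are the post's records joined back into single lines.

```python
import re

UNKNOWN_HOST = "<hostname unknown>"
AUTHORITY_RE = re.compile(r"^([A-Za-z0-9.-]+):(\d{1,5})$")  # host:port, no path
ESCAPED_BYTE_RE = re.compile(r"\\x[0-9A-Fa-f]{2}")          # \xNN escapes in the log

def parse_line(line):
    """Split one http.log record into its [**]-separated fields."""
    parts = [p.strip() for p in line.split("[**]")]
    if len(parts) != 4:
        return None  # not in the layout shown in the post
    ts, _, host = parts[0].partition(" ")
    src, _, dst = parts[3].partition(" -> ")
    return {"ts": ts, "host": host, "uri": parts[1], "ua": parts[2],
            "src": src, "dst": dst}

def classify_uri(uri):
    """Return (kind, candidate_host) for the URI field of a record."""
    if not uri:
        return "empty", None
    if ESCAPED_BYTE_RE.search(uri) or not uri.isprintable():
        return "binary", None
    m = AUTHORITY_RE.match(uri)
    if m:
        return "authority", m.group(1)  # hostname is recoverable from the URI
    return "other", None

def triage(lines):
    """List (timestamp, uri kind, candidate host) for unknown-host records."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["host"] == UNKNOWN_HOST:
            out.append((rec["ts"],) + classify_uri(rec["uri"]))
    return out

SAMPLE = [
    r"04/05/2012-09:54:36.796167 <hostname unknown> [**] search.twitter.com:443[**] "
    r"Mozilla/5.0 (Windows NT 6.1) AppleWebKit/534.34 (KHTML, like Gecko) "
    r"TweetDeck Safari/534.34 [**] 10.0.1.27:50746 -> 10.0.1.254:8080",
    r"04/05/2012-09:54:37.206330 <hostname unknown> [**] I\x00H}\xE2\xD6Q2\xE8 "
    r"[**] <useragent unknown> [**] 10.0.1.62:62326 -> 10.0.1.254:8080",
    r"04/05/2012-09:54:37.206330 <hostname unknown> [**]  [**] <useragent unknown> "
    r"[**] 10.0.1.62:62326 -> 10.0.1.254:8080",
    # Constructed record with a known hostname, to show it is skipped:
    r"04/05/2012-09:54:38.000000 www.example.com [**] /index.html [**] "
    r"Mozilla/5.0 [**] 10.0.1.27:50750 -> 10.0.1.254:8080",
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```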