[Oisf-users] http.log <hostname unknown>

Geert Alberghs alberghs.g at gmail.com
Thu Apr 5 08:26:52 UTC 2012


While checking the suricata http.log I noticed that every time a url
contains a hostname followed by a port number, a <hostname unknown> message
appears. Could this be a parsing problem? (probably due to ":" between
hostname and portnumber)


04/05/2012-09:54:36.796167 <hostname unknown> [**]
search.twitter.com:443[**] Mozilla/5.0 (Windows NT 6.1)
AppleWebKit/534.34 (KHTML, like Gecko)
TweetDeck Safari/534.34 [**] ->

04/05/2012-09:54:37.206330 <hostname unknown> [**] I\x00H}\xE2\xD6Q2\xE8
[**] <useragent unknown> [**] ->

04/05/2012-09:54:37.206330 <hostname unknown> [**]  [**] <useragent
unknown> [**] ->

Best Regards
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20120405/5fdccc17/attachment-0002.html>

More information about the Oisf-users mailing list