[Oisf-users] Empty http.log file
kay
kay.diam at gmail.com
Mon Jul 9 07:58:14 EDT 2012
I don't quite understand what you mean... I copy-pasted these rules
from iptables-save:
# Generated by iptables-save v1.4.7 on Mon Jul 9 15:48:00 2012
*filter
:INPUT ACCEPT [4264:1708762]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [1949:515483]
-A INPUT -p tcp -m mark ! --mark 0x1/0x1 -m tcp --dport 80 -j NFQUEUE --queue-num 0
-A INPUT -p tcp -m mark --mark 0x1/0x1 -m tcp --dport 80 -j ACCEPT
-A OUTPUT -p tcp -m mark ! --mark 0x1/0x1 -m tcp --sport 80 -j NFQUEUE --queue-num 0
-A OUTPUT -p tcp -m mark --mark 0x1/0x1 -m tcp --sport 80 -j ACCEPT
COMMIT
# Completed on Mon Jul 9 15:48:00 2012
I run suricata in NFQ "repeat" mode with the "-q 0" option.
For some reason "accept" mode writes logs, but I need to use the "mark"
functionality. Actually, I cannot reach even the "mark packets"
functionality in "repeat" mode either. That is why I created the "--mark
0x1/0x1 -m tcp --dport 80 -j ACCEPT" firewall rules for the iptables
counter.
Here is my rule:
pass tcp any any -> any any (content: "TEST"; msg: "TEST string test!"; nfq_set_mark:0x01/0x01; sid:2455;)
2012/7/9 Victor Julien <victor at inliniac.net>:
> On 07/09/2012 01:39 PM, kay wrote:
>> Here are iptables rules:
>>
>> -A INPUT -p tcp -m mark ! --mark 0x1/0x1 -m tcp --dport 80 -j NFQUEUE --queue-num 0
>> -A INPUT -p tcp -m mark --mark 0x1/0x1 -m tcp --dport 80 -j ACCEPT
>> -A OUTPUT -p tcp -m mark ! --mark 0x1/0x1 -m tcp --sport 80 -j NFQUEUE --queue-num 0
>> -A OUTPUT -p tcp -m mark --mark 0x1/0x1 -m tcp --sport 80 -j ACCEPT
>
> Are these in the (default) filter table?
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
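
Added example (not part of the original message or of Suricata): a small Python evaluator for the two INPUT rules quoted above, showing how the `--mark 0x1/0x1` match splits port-80 traffic between NFQUEUE 0 and ACCEPT depending on whether bit 0x1 is set in the packet mark. The parser covers only the options these rules use, and the function names are hypothetical.

```python
import shlex

# INPUT rules copied from the iptables-save output in the message above.
RULES = [
    "-A INPUT -p tcp -m mark ! --mark 0x1/0x1 -m tcp --dport 80 -j NFQUEUE --queue-num 0",
    "-A INPUT -p tcp -m mark --mark 0x1/0x1 -m tcp --dport 80 -j ACCEPT",
]

def parse_rule(line):
    """Parse the subset of iptables-save syntax that appears in RULES."""
    tok = shlex.split(line)
    rule = {"negate_mark": False, "queue": None}
    i = 0
    while i < len(tok):
        if tok[i] == "!":              # in these rules '!' only precedes --mark
            rule["negate_mark"] = True
            i += 1
            continue
        opt, arg = tok[i], tok[i + 1]  # every other option takes one argument
        if opt == "-A":
            rule["chain"] = arg
        elif opt == "-p":
            rule["proto"] = arg
        elif opt == "--mark":          # value[/mask]; no mask means all 32 bits
            value, _, mask = arg.partition("/")
            rule["mark"] = int(value, 16)
            rule["mask"] = int(mask, 16) if mask else 0xFFFFFFFF
        elif opt == "--dport":
            rule["dport"] = int(arg)
        elif opt == "-j":
            rule["target"] = arg
        elif opt == "--queue-num":
            rule["queue"] = int(arg)
        i += 2
    return rule

def verdict(chain, proto, dport, pkt_mark, rules=RULES):
    """Return the target of the first matching rule, or 'POLICY' if none match."""
    for r in map(parse_rule, rules):
        if (r["chain"], r["proto"], r["dport"]) != (chain, proto, dport):
            continue
        mark_hit = (pkt_mark & r["mask"]) == r["mark"]   # iptables mark semantics
        if mark_hit != r["negate_mark"]:
            return r["target"] if r["queue"] is None else f'{r["target"]}:{r["queue"]}'
    return "POLICY"  # chain policy applies (ACCEPT in the posted ruleset)

if __name__ == "__main__":
    for mark in (0x0, 0x1, 0x2, 0x3):  # constructed sample packet marks
        print(hex(mark), verdict("INPUT", "tcp", 80, mark))
```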