[Oisf-users] http transaction not logged if http post body > 2KB
Victor Julien
victor at inliniac.net
Mon Jul 9 10:15:28 EDT 2012
On 07/09/2012 04:09 PM, Delta Yeh wrote:
> I have set request_body_limit: 30720 which is about 30KB, but still no
> request logged for request with 2KB post body.
Can you share a pcap?
Thanks,
Victor
> Do you think it is because
>
> reassembly:
>   memcap: 64mb
>   depth: 1mb # reassemble 1mb into a stream
>   toserver-chunk-size: 2560
>   toclient-chunk-size: 2560
>
>
> Because I didn't load any rules when I started suricata.
>
> 2012/7/9 kay <kay.diam at gmail.com>:
>> Hi Delta,
>>
>> Try to disable limitations in suricata.yaml
>>
>> request_body_limit: 0
>> response_body_limit: 0
>>
>> 2012/7/9 Delta Yeh <delta.yeh at gmail.com>:
>>> Hi,
>>> I'm testing suricata 1.3 and I ran into this problem.
>>> The setup is:
>>> 1. suricata 1.3, default suricata.yaml
>>> 2. no rule loaded
>>> 3. enabled http log
>>>
>>> I use wget to do the tests.
>>> If I send a GET request, the http transaction is logged.
>>> If I send a POST request with a small body (<1KB), the request is also logged.
>>> If I send a POST with body > 2KB, the request is not always logged.
>>>
>>> The test lab is clean, I do the requests manually, so there is no
>>> performance issue.
>>>
>>> Does anyone have an idea on this?
>>>
>>> BR,
>>> DeltaY
>>> _______________________________________________
>>> Oisf-users mailing list
>>> Oisf-users at openinfosecfoundation.org
>>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------