[Oisf-users] http transaction not logged if http post body > 2KB

Delta Yeh delta.yeh at gmail.com
Mon Jul 9 13:55:39 UTC 2012

  I'm testing suricata 1.3 and I run into this problem.
   The setup is :
   1. suricata 1.3 , default suricata.yaml
   2. no rule loaded
   3.  enabled http log

   I use wget to do the tests,
   If I send GET request, the http transaction is logged.
   If I send POST request with small body(<1KB), the request is also logged.
   If I send POST with body > 2KB, the request is not always logged.

   The test lab is clean, I do the request manually, so there is not
performance issue.

  Anyone has  idea on this?


More information about the Oisf-users mailing list