[Oisf-users] http transaction not logged if http post body > 2KB

Delta Yeh delta.yeh at gmail.com
Mon Jul 9 14:09:27 UTC 2012


I have set request_body_limit: 30720, which is about 30KB, but still no
request is logged for a request with a 2KB POST body.

Do you think it is because

 reassembly:
    memcap: 64mb
    depth: 1mb                  # reassemble 1mb into a stream
    toserver-chunk-size: 2560
    toclient-chunk-size: 2560


Because I didn't load any rules when I started suricata.

2012/7/9 kay <kay.diam at gmail.com>:
> Hi Delta,
>
> Try to disable limitations in suricata.yaml
>
> request_body_limit: 0
> response_body_limit: 0
>
> 2012/7/9 Delta Yeh <delta.yeh at gmail.com>:
>> Hi,
>>   I'm testing suricata 1.3 and I ran into this problem.
>>    The setup is:
>>    1. suricata 1.3, default suricata.yaml
>>    2. no rule loaded
>>    3. enabled http log
>>
>>    I use wget to do the tests.
>>    If I send a GET request, the http transaction is logged.
>>    If I send a POST request with a small body (<1KB), the request is also logged.
>>    If I send a POST with body > 2KB, the request is not always logged.
>>
>>    The test lab is clean, I do the request manually, so there is no
>> performance issue.
>>
>>   Does anyone have an idea on this?
>>
>> BR,
>> DeltaY
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
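
The manual wget test described in this thread, turned into a repeatable body-size sweep that reports which requests never reached http.log. This is an added example, not part of the original messages and not Suricata project code. The run id, the `/probe-...-end` marker URIs, the lab addresses and the sample log lines are constructed, and the log layout is assumed only as far as each line containing the request URI.

```python
import urllib.request

# Body sizes in bytes. 2560 and 30720 are the toserver-chunk-size and
# request_body_limit values quoted in the thread; the rest are constructed.
SIZES = [0, 512, 1024, 2048, 2560, 4096, 30720]

def marker(run_id, size):
    """Unique URI per probe (hypothetical scheme); '-end' stops 2048 matching 20480."""
    return f"/probe-{run_id}-{size}-end"

def send_probes(base_url, run_id, sizes=SIZES):
    """Send one request per size to a lab web server behind the sensor."""
    for size in sizes:
        body = b"A" * size if size else None  # no body -> GET, else POST
        req = urllib.request.Request(base_url + marker(run_id, size), data=body)
        try:
            urllib.request.urlopen(req, timeout=5).read()
        except OSError:
            pass  # a 404 or reset is fine; the request only has to cross the wire

def missing_sizes(http_log_text, run_id, sizes=SIZES):
    """Return the probe sizes that have no matching line in http.log."""
    lines = http_log_text.splitlines()
    return [s for s in sizes if not any(marker(run_id, s) in ln for ln in lines)]

# Constructed http.log excerpt (assumed layout: time, host, URI, agent, flow).
SAMPLE_LOG = """\
07/09/2012-14:01:02.000001 lab.test [**] /probe-r1-0-end [**] probe [**] 10.0.0.2:40001 -> 10.0.0.1:80
07/09/2012-14:01:02.100001 lab.test [**] /probe-r1-512-end [**] probe [**] 10.0.0.2:40002 -> 10.0.0.1:80
07/09/2012-14:01:02.200001 lab.test [**] /probe-r1-1024-end [**] probe [**] 10.0.0.2:40003 -> 10.0.0.1:80
07/09/2012-14:01:03.000001 lab.test [**] /probe-r2-4096-end [**] probe [**] 10.0.0.2:40004 -> 10.0.0.1:80
"""

if __name__ == "__main__":
    # Lab use: send_probes("http://10.0.0.1", "r1"), then read the real http.log.
    print("not logged:", missing_sizes(SAMPLE_LOG, "r1"))
```

Using a fresh run id for each configuration change keeps entries from earlier runs from masking a gap.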
