[Oisf-users] http transaction not logged if http post body > 2KB
Delta Yeh
delta.yeh at gmail.com
Mon Jul 9 14:09:27 UTC 2012
I have set request_body_limit: 30720 which is about 30KB, but still no
request logged for request with 2KB post body.
Do you think it is because
reassembly:
memcap: 64mb
depth: 1mb # reassemble 1mb into a stream
toserver-chunk-size: 2560
toclient-chunk-size: 2560
Because I didn't load any rule when I start suricata.
2012/7/9 kay <kay.diam at gmail.com>:
> Hi Delta,
>
> Try to disable limitations in suricata.yaml
>
> request_body_limit: 0
> response_body_limit: 0
>
> 2012/7/9 Delta Yeh <delta.yeh at gmail.com>:
>> Hi,
>> I'm testing suricata 1.3 and I run into this problem.
>> The setup is :
>> 1. suricata 1.3 , default suricata.yaml
>> 2. no rule loaded
>> 3. enabled http log
>>
>> I use wget to do the tests,
>> If I send GET request, the http transaction is logged.
>> If I send POST request with small body(<1KB), the request is also logged.
>> If I send POST with body > 2KB, the request is not always logged.
>>
>> The test lab is clean, I do the request manually, so there is not
>> performance issue.
>>
>> Anyone has idea on this?
>>
>> BR,
>> DeltaY
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
More information about the Oisf-users
mailing list