[Oisf-users] Empty http.log file

kay kay.diam at gmail.com
Tue Jul 10 14:16:32 UTC 2012


Dear Victor,

The rule I use is:

pass tcp any any -> any any (content: "TEST"; msg: "TEST stringt!";
nfq_set_mark:0x01/0x01; sid:2455;)

Where I set proper mark for packet which suricata should catch. And I
think that this packet should be logged and passed to another QUEUE
but unfortunately it is not.

2012/7/10 Victor Julien <victor at inliniac.net>:
> On 07/10/2012 04:08 PM, kay wrote:
>> 10/7/2012 -- 18:02:30 - <Info> - NFQ running in REPEAT mode with mark 0/0
>> 10/7/2012 -- 18:02:39 - <Info> - Packet seems already treated by suricata
>> 10/7/2012 -- 18:02:39 - <Info> - Packet seems already treated by suricata
>> 10/7/2012 -- 18:02:39 - <Info> - Packet seems already treated by suricata
>> 10/7/2012 -- 18:02:39 - <Info> - Packet seems already treated by suricata
>> 10/7/2012 -- 18:02:39 - <Info> - Packet seems already treated by suricata
>
> I think the mark you set is wrong. Can you set it to 1/1 in the yaml?
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
>
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
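As an added illustration (not from kay's or Victor's mail), the nfq section of suricata.yaml that makes the startup line read "REPEAT mode with mark 1/1" instead of "mark 0/0", next to the netfilter rule that repeat mode expects; the queue number and the FORWARD chain are assumptions.

```yaml
# suricata.yaml, nfq section (added example; queue 0 and FORWARD are assumed)

# The setting behind "NFQ running in REPEAT mode with mark 0/0":
# Suricata's repeat-mode check is (mark & mask) == (packet_mark & mask).
# With mask 0 that is 0 == 0 for every packet, so each one is reported
# as "already treated by suricata" and is accepted without inspection,
# which leaves http.log empty.
# nfq:
#   mode: repeat
#   repeat-mark: 0
#   repeat-mask: 0

# Corrected setting: mark/mask 1/1, matching nfq_set_mark:0x01/0x01 in
# the rule. Only a packet that Suricata has already marked with bit 1
# is treated as seen when it re-enters the hook.
nfq:
  mode: repeat
  repeat-mark: 1
  repeat-mask: 1
  # route-queue: 2   # only used with mode: route (hand-off to another queue)

# Matching netfilter rule (run as root): queue only packets that do not
# yet carry the mark, so the re-injected packet continues through the
# chain instead of looping back into the queue.
#   iptables -I FORWARD -m mark ! --mark 1/1 -j NFQUEUE --queue-num 0
```

After changing the yaml, the startup log line "NFQ running in REPEAT mode with mark 1/1" confirms the new value was picked up, and the "already treated" message should then appear only for re-injected packets.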



More information about the Oisf-users mailing list