[Oisf-users] the http response length in http log is 1 when extended http log is enabled
Anoop Saldanha
anoopsaldanha at gmail.com
Sat Jul 14 11:58:49 UTC 2012
On Tue, Jul 10, 2012 at 12:01 PM, Delta Yeh <delta.yeh at gmail.com> wrote:
> Hi,
> When enable extended http log, I notice that the response length is
> always 1 instead of the actual http response length.
>
> 07/10/2012-15:18:25.000280 hoho.com [**] /admin/1.php [**] Mozilla/4.0
> (compatible; MSIE 7.0; Windows NT 5.1; User-agent: Mozilla/4.0
> (compatible; MSIE 6.0; Windows NT 5.1; SV1; http://bsalsa.com) ; .NET
> CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.4506.2152; .NET4.0C;
> .NET4.0E) [**] <no referer> [**] GET [**] HTTP/1.1 [**] 200 [**] 1
> bytes [**] 192.168.35.153:35856 -> 192.168.35.111:8079
>
> Does " [**] 1 bytes [**]" represent the response length?
>
> BR,
> DeltaY
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
Can you share your pcap for this?
--
Anoop Saldanha
More information about the Oisf-users
mailing list