[Oisf-users] Strange log lines in http.log

Victor Julien victor at inliniac.net
Fri Mar 2 09:53:33 UTC 2012


On 03/02/2012 10:49 AM, Travel Factory S.r.l. wrote:
> 
>> Ideally you'd be doing full packet capture already, and it'd be a 
>> matter
>> of pulling the pcap out :)
> 
> Oh yes, of course :-)
> 
> But I can't send to you a capture from the user ip since he also does 
> unencripted traffic and I can't discriminate between them...
> ... or at least, >I< don't know how to do it... :-)

If you open it in wireshark and choose "follow tcp stream", can you can
see the content of the traffic. Can you remove the sensitive info from
that and send the text?

> BTW, suricata just core-dumped... :-(

A back trace would be appreciated!

gdb /path/to/suricata /path/to/core

then in gdb, issue "bt full" and send over that info.

Thanks!

-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------




More information about the Oisf-users mailing list