[Oisf-users] Strange log lines in http.log
Victor Julien
victor at inliniac.net
Fri Mar 2 09:53:33 UTC 2012
On 03/02/2012 10:49 AM, Travel Factory S.r.l. wrote:
>
>> Ideally you'd be doing full packet capture already, and it'd be a
>> matter
>> of pulling the pcap out :)
>
> Oh yes, of course :-)
>
> But I can't send to you a capture from the user ip since he also does
> unencrypted traffic and I can't discriminate between them...
> ... or at least, >I< don't know how to do it... :-)
If you open it in wireshark and choose "follow tcp stream", you can
see the content of the traffic. Can you remove the sensitive info from
that and send the text?
> BTW, suricata just core-dumped... :-(
A back trace would be appreciated!
gdb /path/to/suricata /path/to/core
then in gdb, issue "bt full" and send over that info.
Thanks!
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------