[Oisf-users] Suricata's http-log
Peter Bates
peter.bates at ucl.ac.uk
Fri Mar 30 13:04:54 UTC 2012
Hello again all
On 29/03/2012 15:14, Victor Julien wrote:
>> I'm trying to avoid just using logrotate to move the file and
>> then restarting Suricata to pick up the change - if at all
>> possible.
>
> You can use the trick described here:
> https://redmine.openinfosecfoundation.org/issues/265#note-4
Thanks for the advice - and also Martin's suggestion that syslog
support for http-log might be useful.
I've been running httpry up until recently - and generally manage a
logfile from that of around 700-800Mb an hour, dropping to 200-300Mb
at quiet times.
Just testing with the Suricata http-log I've ended up with a 7Mb
logfile from 1pm-2pm (BST).
Httpry does also log the HTTP responses so you could argue the log
should be double the size - but there seems a big difference here
between the two.
--
Peter Bates
Senior Computer Security Officer
Information Services Division
University College London
London WC1E 6BT
Phone: +44(0)2076792049
Internal Ext: 32049