[Oisf-users] Suricata's http-log

Martin Holste mcholste at gmail.com
Fri Mar 30 13:56:27 UTC 2012


Use wc -l to count the log lines for both.  httpry should be double.

On Fri, Mar 30, 2012 at 8:12 AM, Peter Manev <petermanev at gmail.com> wrote:
> Hi Peter,
>
> Is there any way that you could compare the two logs by way of
> scripting/bashing, if Suri and httpry are running at the same time (maybe
> just a 10 min time span)?
>
> thanks
>
> On Fri, Mar 30, 2012 at 3:04 PM, Peter Bates <peter.bates at ucl.ac.uk> wrote:
>>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> Hello again all
>>
>> On 29/03/2012 15:14, Victor Julien wrote:
>> >> I'm trying to avoid just using logrotate to move the file and
>> >> then restarting Suricata to pick up the change - if at all
>> >> possible.
>> >
>> > You can use the trick described here:
>> > https://redmine.openinfosecfoundation.org/issues/265#note-4
>>
>> Thanks for the advice - and also Martin's suggestion that syslog
>> support for http-log might be useful.
>>
>> I've been running httpry up until recently - and generally manage a
>> logfile from that of around 700-800Mb an hour, dropping to 200-300Mb
>> at quiet times.
>>
>> Just testing with the Suricata http-log I've ended up with a 7Mb
>> logfile from 1pm-2pm (BST).
>>
>> Httpry does also log the HTTP responses so you could argue the log
>> should be double the size - but there seems a big difference here
>> between the two.
>>
>> - --
>> Peter Bates
>> Senior Computer Security Officer    Phone: +44(0)2076792049
>> Information Services Division       Internal Ext: 32049
>> University College London
>> London WC1E 6BT
>> -----BEGIN PGP SIGNATURE-----
>> Version: GnuPG v2.0.17 (MingW32)
>> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>>
>> iQEcBAEBAgAGBQJPda91AAoJELhVoVpEMS6RPbwH/1nXjmMEbDzE6CQhGAgfYb6c
>> ebsrxKam3owvkOL2A/LHGeo4Y0nfjQ622jwZPhUHwEMl0FGNf6L7BNq9g//HOqhi
>> NKZQFAhYa45J6Fk2DpPAp6KUYb/RLHA0z3OflJtzFn18jAK9QE9POuRMiYSoqo18
>> XWZoxs3OuVi+UOxuWb97GAOoScsRrC5mQ2EI4LdodC9rjqy0RqJDhPxOVauOss7B
>> e65jJBxVgCCM2SfnnBoKy4PJR2XO0i3UguU6CGILiKFjb0SVScIzTvpxOelCR7bA
>> /TXZd/rnfhGHKFAhrx38bnfDgDvjFyQF/GbJkAfX3Cu7aEXWa1L5oA0oepJi868=
>> =MopT
>> -----END PGP SIGNATURE-----
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
>
>
>
> --
> Regards,
> Peter Manev
>
>
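Martin's `wc -l` check and Peter Manev's scripted comparison over a short window, as an added example that is not part of the thread: a POSIX shell script that counts both logs, splits httpry rows into requests and responses (the reason the httpry file "should be double"), and restricts both to the same time of day. The httpry layout it parses (tab-separated rows, `#` header lines, timestamp in field 1, direction `>`/`<` in field 4) and the Suricata http-log line format (first field `MM/DD/YYYY-HH:MM:SS.usec`) are assumptions about those tools' defaults, not taken from the messages above, and every log line in it is constructed.

```shell
#!/bin/sh
# Added example (not from the thread): compare Suricata http-log entries with
# httpry entries for the same time window.
# Assumptions (not from the original messages): httpry's default tab-separated
# output with '#' header lines, field 1 = timestamp, field 4 = direction
# ('>' request, '<' response); Suricata's default one-line-per-request http-log
# whose first field is MM/DD/YYYY-HH:MM:SS.usec. All sample lines are constructed.
set -eu

TMP=$(mktemp -d)
trap 'rm -rf "$TMP"' EXIT
SURI="$TMP/http.log"       # point at a real Suricata http.log to use on live data
HTTPRY="$TMP/httpry.log"   # point at a real httpry output file likewise

# Constructed Suricata http-log: one line per request.
cat > "$SURI" <<'EOF'
03/30/2012-13:00:01.000123 www.example.com [**] / [**] Mozilla/5.0 [**] 10.0.0.5:51234 -> 192.0.2.10:80
03/30/2012-13:00:02.000456 www.example.com [**] /site.css [**] Mozilla/5.0 [**] 10.0.0.5:51235 -> 192.0.2.10:80
03/30/2012-13:00:03.000789 api.example.org [**] /v1/ping [**] curl/7.22 [**] 10.0.0.7:40000 -> 198.51.100.20:80
EOF

# Emit one tab-separated httpry row from its fields (subshell keeps IFS local).
row() ( IFS="$(printf '\t')"; printf '%s\n' "$*" )

# Constructed httpry log: header comments, then one request ('>') and one
# response ('<') row per transaction, '-' for empty fields.
{
  echo '# httpry version 0.1.6'
  echo '# Fields: timestamp,source-ip,dest-ip,direction,method,host,request-uri,referer,user-agent,http-version,status-code,reason-phrase'
  row '2012-03-30 13:00:01' 10.0.0.5 192.0.2.10 '>' GET www.example.com / - Mozilla/5.0 HTTP/1.1 - -
  row '2012-03-30 13:00:01' 192.0.2.10 10.0.0.5 '<' - - - - - HTTP/1.1 200 OK
  row '2012-03-30 13:00:02' 10.0.0.5 192.0.2.10 '>' GET www.example.com /site.css - Mozilla/5.0 HTTP/1.1 - -
  row '2012-03-30 13:00:02' 192.0.2.10 10.0.0.5 '<' - - - - - HTTP/1.1 200 OK
  row '2012-03-30 13:00:03' 10.0.0.7 198.51.100.20 '>' GET api.example.org /v1/ping - curl/7.22 HTTP/1.1 - -
  row '2012-03-30 13:00:03' 198.51.100.20 10.0.0.7 '<' - - - - - HTTP/1.1 204 'No Content'
} > "$HTTPRY"

# Non-comment line count: what "wc -l" reports, minus httpry's '#' headers.
count_log() { awk '!/^#/ { n++ } END { print n+0 }' "$1"; }

# httpry rows in one direction only; '>' gives a like-for-like request count.
count_httpry_dir() { awk -F '\t' -v d="$2" '!/^#/ && $4 == d { n++ } END { print n+0 }' "$1"; }

# Suricata entries whose time of day (HH:MM:SS) falls in [start, end).
suri_in_window() {
  awk -v s="$2" -v e="$3" \
    '{ split($1, a, "-"); t = substr(a[2], 1, 8); if (t >= s && t < e) n++ } END { print n+0 }' "$1"
}

# httpry rows in one direction whose time of day falls in [start, end).
httpry_in_window() {
  awk -F '\t' -v d="$2" -v s="$3" -v e="$4" \
    '!/^#/ && $4 == d { t = substr($1, 12, 8); if (t >= s && t < e) n++ } END { print n+0 }' "$1"
}

# Ratio a/b to two decimals ("inf" when b is 0); C locale keeps the '.' separator.
ratio() { LC_ALL=C awk -v a="$1" -v b="$2" 'BEGIN { if (b == 0) print "inf"; else printf "%.2f\n", a / b }'; }

echo "suricata lines:        $(count_log "$SURI")"
echo "httpry lines (all):    $(count_log "$HTTPRY")"
echo "httpry requests only:  $(count_httpry_dir "$HTTPRY" '>')"
echo "httpry/suricata ratio: $(ratio "$(count_log "$HTTPRY")" "$(count_log "$SURI")")"
echo "13:00:00-13:00:03 requests, suricata vs httpry: $(suri_in_window "$SURI" 13:00:00 13:00:03) vs $(httpry_in_window "$HTTPRY" '>' 13:00:00 13:00:03)"
```

On the constructed data the raw httpry count is exactly twice the Suricata count and the request-only counts match, which is the like-for-like figure to compare against the 700-800 MB versus 7 MB gap reported above; on live files the window functions take a same-day `HH:MM:SS` start and end so both logs are cut to the same ten minutes before counting.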


