[Oisf-users] Suricata's http-log

Victor Julien victor at inliniac.net
Fri Mar 30 15:14:27 UTC 2012


Also, since Suri's http engine is stateful, packet loss may be a factor
as well. The "stream.gap" counter is one indication of streams affecting
packet loss.

On 03/30/2012 05:05 PM, Martin Holste wrote:
> Please use wc -l to count lines instead of file sizes when comparing.
> 
> On Fri, Mar 30, 2012 at 9:49 AM, Victor Julien <victor at inliniac.net> wrote:
>> On 03/30/2012 04:48 PM, Peter Manev wrote:
>>> Please have in mind that Suricata actually logs only properly terminated
>>> connections in terms of http (FA received, proper tcp teardown).
>>
>> TCP sessions that time out (no RST or FIN sequence) will be logged as well.
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
> 


-- 
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------



