[Oisf-users] Suricata's http-log

Peter Bates peter.bates at ucl.ac.uk
Fri Mar 30 15:30:05 UTC 2012




Hello all

On 30/03/2012 16:05, Martin Holste wrote:
> Please use wc -l to count lines instead of file sizes when
> comparing.

Running httpry and Suricata with a BPF of a known host and generating
various GET requests seems to elicit identical logs (when eliminating
the fact that httpry logs the response, as Martin noted, so the log is
double the size).

I'll dig a bit more - there is obviously a bit of a difference between
testing against one destination from one source and the traffic I
usually see.

-- 
Peter Bates
Senior Computer Security Officer    Phone: +44(0)2076792049
Information Services Division       Internal Ext: 32049
University College London
London WC1E 6BT

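The comparison described in the post, done the way Martin suggests (line counts, not file sizes) and with httpry's response lines dropped so the two logs are comparable. This is an added example, not code from the thread or from either project; the httpry column layout (tab-separated, direction in the fourth field) and the Suricata http.log lines are assumptions constructed for the sample.

```shell
#!/bin/sh
# Added example: compare Suricata's http.log with httpry output by line
# count, after filtering httpry down to request lines only.

# Constructed Suricata http.log sample: one line per request. The field
# layout is illustrative, not a verbatim Suricata record.
suricata_sample() {
    printf '%s\n' \
      '03/30/2012-15:01:02.123456 www.example.com [**] / [**] Mozilla/5.0 [**] 192.0.2.10:51234 -> 198.51.100.7:80' \
      '03/30/2012-15:01:02.456789 www.example.com [**] /index.css [**] Mozilla/5.0 [**] 192.0.2.10:51235 -> 198.51.100.7:80' \
      '03/30/2012-15:01:03.000001 www.example.com [**] /logo.png [**] Mozilla/5.0 [**] 192.0.2.10:51236 -> 198.51.100.7:80'
}

# Constructed httpry sample: tab-separated, 4th field is the direction
# (">" request, "<" response). Assumed to mirror httpry's default format;
# each request line is followed by its response line, doubling the count.
httpry_sample() {
    fmt='%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\t%s\n'
    printf "$fmt" '03/30/2012 15:01:02' 192.0.2.10 198.51.100.7 '>' GET www.example.com / HTTP/1.1 - -
    printf "$fmt" '03/30/2012 15:01:02' 198.51.100.7 192.0.2.10 '<' - - - HTTP/1.1 200 OK
    printf "$fmt" '03/30/2012 15:01:02' 192.0.2.10 198.51.100.7 '>' GET www.example.com /index.css HTTP/1.1 - -
    printf "$fmt" '03/30/2012 15:01:02' 198.51.100.7 192.0.2.10 '<' - - - HTTP/1.1 200 OK
    printf "$fmt" '03/30/2012 15:01:03' 192.0.2.10 198.51.100.7 '>' GET www.example.com /logo.png HTTP/1.1 - -
    printf "$fmt" '03/30/2012 15:01:03' 198.51.100.7 192.0.2.10 '<' - - - HTTP/1.1 200 OK
}

# Count lines with wc -l as the thread suggests; strip wc's padding.
count_lines() {
    wc -l < "$1" | tr -d ' '
}

# Keep only httpry request lines (direction ">") so the count is
# comparable with Suricata's one-line-per-request http.log.
count_httpry_requests() {
    awk -F '\t' '$4 == ">"' "$1" | wc -l | tr -d ' '
}

# Print both counts and succeed only when they agree.
compare_logs() {
    suri=$(count_lines "$1")
    req=$(count_httpry_requests "$2")
    raw=$(count_lines "$2")
    printf 'suricata=%s httpry_requests=%s (httpry raw lines=%s)\n' "$suri" "$req" "$raw"
    [ "$suri" -eq "$req" ]
}

S=$(mktemp); H=$(mktemp)
suricata_sample > "$S"; httpry_sample > "$H"
compare_logs "$S" "$H"
rm -f "$S" "$H"
```

On real captures, point compare_logs at the actual http.log and httpry output files instead of the generated samples.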