[Oisf-users] Suricata's http-log

Martin Holste mcholste at gmail.com
Fri Mar 30 15:49:14 UTC 2012


This is what I was afraid of.  It sounds to me like Suricata can't
keep up logging at medium to high volumes.

On Fri, Mar 30, 2012 at 10:30 AM, Peter Bates <peter.bates at ucl.ac.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Hello all
>
> On 30/03/2012 16:05, Martin Holste wrote:
>> Please use wc -l to count lines instead of file sizes when
>> comparing.
>
> Running httpry and Suricata with a BPF of a known host and generating
> various GET requests seems to elicit identical logs (when eliminating
> the fact that httpry logs the response as Martin noted so the log is
> double the size).
>
> I'll dig a bit more - there is obviously a bit of a difference between
> testing against one destination from one source and the traffic I
> usually see.
>
> - --
> Peter Bates
> Senior Computer Security Officer    Phone: +44(0)2076792049
> Information Services Division       Internal Ext: 32049
> University College London
> London WC1E 6BT
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.17 (MingW32)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJPddF9AAoJELhVoVpEMS6RfCkIAJV8KggdatFHFZsb5NNMRcc9
> IgUR6Y7TVknwfUZL9uJi7P/gOeJqJlmAcl4tcuG8CfWy5tZEWDJQ0UoOKV/GCeU7
> 1iSn0aL6eAhB46xjiI3vGGiAPiZ0SjKD4yCEDJCoUX1SV8h+Ov+7H7sHOzjHX9Da
> D6KV+4B4UKSor96n/Fbfvnk70BmvygrL4QNe/AYw7G77MykXh3uIGFfwHKdZW3dw
> uCjScrtiWfA6gHUBaxKM9syScZU1OMRGr9gaVTBNRZXrC2Kz9T5LSvJtY7KvYbc/
> QBdlOtIYn4/hqVpCi1iV2P2Qm6B2l+F/T3zngjGxHfUBiCFYKW8k5fMvNpJEttc=
> =8bHp
> -----END PGP SIGNATURE-----
>
> _______________________________________________
> Oisf-users mailing list
> Oisf-users at openinfosecfoundation.org
> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
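The comparison discussed in this thread (counting request lines rather than file sizes, and discounting httpry's response lines before comparing against Suricata's http.log) can be scripted so that the missing requests are identified rather than just counted. The following is an added example, not code from the thread, from httpry or from the Suricata project; it assumes httpry's default tab-separated output (timestamp, source-ip, dest-ip, direction, method, host, request-uri, http-version, status-code, reason-phrase, with `>` marking a request and `<` a response) and the 2012-era Suricata http.log line layout (`<timestamp> <host> [**] <uri> [**] <user-agent> [**] <src:port> -> <dst:port>`). The sample log lines are constructed, with one request present in the httpry log but absent from the Suricata log to show how a drop surfaces.

```python
"""Compare HTTP request counts between an httpry log and a Suricata http.log.

Added example (not from the mailing-list thread, httpry or Suricata). The log
formats below are assumptions; the sample lines are constructed.
"""
import re
from collections import Counter

# Constructed httpry output. Assumed default field order:
# timestamp, src-ip, dst-ip, direction, method, host, request-uri,
# http-version, status-code, reason-phrase ('>' = request, '<' = response).
HTTPRY_LOG = (
    "2012-03-30 16:05:01\t10.0.0.5\t192.0.2.10\t>\tGET\twww.example.org\t/index.html\tHTTP/1.1\t-\t-\n"
    "2012-03-30 16:05:01\t192.0.2.10\t10.0.0.5\t<\t-\t-\t-\tHTTP/1.1\t200\tOK\n"
    "2012-03-30 16:05:02\t10.0.0.5\t192.0.2.10\t>\tGET\twww.example.org\t/logo.png\tHTTP/1.1\t-\t-\n"
    "2012-03-30 16:05:02\t192.0.2.10\t10.0.0.5\t<\t-\t-\t-\tHTTP/1.1\t200\tOK\n"
    "2012-03-30 16:05:03\t10.0.0.5\t192.0.2.10\t>\tGET\twww.example.org\t/style.css\tHTTP/1.1\t-\t-\n"
    "2012-03-30 16:05:03\t192.0.2.10\t10.0.0.5\t<\t-\t-\t-\tHTTP/1.1\t200\tOK\n"
)

# Constructed Suricata http.log lines. Assumed 2012-era layout:
# "<timestamp> <host> [**] <uri> [**] <user-agent> [**] <src:port> -> <dst:port>".
# The /style.css request is deliberately absent to simulate a dropped log entry.
SURICATA_LOG = (
    "03/30/2012-16:05:01.000123 www.example.org [**] /index.html [**] Mozilla/5.0 [**] 10.0.0.5:51234 -> 192.0.2.10:80\n"
    "03/30/2012-16:05:02.000456 www.example.org [**] /logo.png [**] Mozilla/5.0 [**] 10.0.0.5:51234 -> 192.0.2.10:80\n"
)

# Matches the timestamp, host and URI at the start of an assumed http.log line.
SURICATA_RE = re.compile(r"^\S+ (?P<host>\S+) \[\*\*\] (?P<uri>\S+) \[\*\*\] ")


def httpry_requests(text):
    """Count (host, uri) pairs for httpry request lines only, skipping responses."""
    counts = Counter()
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) < 7 or fields[3] != ">":
            continue  # response line or malformed line
        counts[(fields[5], fields[6])] += 1
    return counts


def suricata_requests(text):
    """Count (host, uri) pairs from Suricata http.log lines (one line per request)."""
    counts = Counter()
    for line in text.splitlines():
        match = SURICATA_RE.match(line)
        if match:
            counts[(match.group("host"), match.group("uri"))] += 1
    return counts


def compare_logs(httpry_text, suricata_text):
    """Return raw line counts (what wc -l would show), request counts after
    discounting httpry responses, and the per-(host, uri) differences."""
    reference = httpry_requests(httpry_text)
    observed = suricata_requests(suricata_text)
    return {
        "httpry_lines": len(httpry_text.splitlines()),
        "suricata_lines": len(suricata_text.splitlines()),
        "httpry_requests": sum(reference.values()),
        "suricata_requests": sum(observed.values()),
        # Counter subtraction keeps only positive differences.
        "missing": dict(reference - observed),  # seen by httpry, not by Suricata
        "extra": dict(observed - reference),    # seen by Suricata, not by httpry
    }


if __name__ == "__main__":
    result = compare_logs(HTTPRY_LOG, SURICATA_LOG)
    print("raw lines  httpry=%d suricata=%d" % (result["httpry_lines"], result["suricata_lines"]))
    print("requests   httpry=%d suricata=%d" % (result["httpry_requests"], result["suricata_requests"]))
    for key, n in result["missing"].items():
        print("missing from Suricata: %s%s x%d" % (key[0], key[1], n))
```

On the constructed input the raw line counts differ by a factor of three (6 against 2), which overstates the gap; after discounting httpry's response lines the real difference is one request, and the script names it. Run against real captures from the same BPF filter, the `missing` dictionary is the list to examine first when judging whether Suricata is dropping entries under load.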