[Oisf-users] Suricata's http-log

Victor Julien victor at inliniac.net
Fri Mar 30 15:55:29 UTC 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 03/30/2012 05:49 PM, Martin Holste wrote:
> This is what I was afraid of.  It sounds to me like Suricata can't 
> keep up logging at medium to high volumes.

Btw, we identified a scalability issue wrt http logging. Fix should be
in git sometime next week:

https://redmine.openinfosecfoundation.org/issues/438

Cheers,
Victor

> On Fri, Mar 30, 2012 at 10:30 AM, Peter Bates
> <peter.bates at ucl.ac.uk> wrote:
> 
> Hello all
> 
> On 30/03/2012 16:05, Martin Holste wrote:
>>>> Please use wc -l to count lines instead of file sizes when 
>>>> comparing.
> 
> Running httpry and Suricata with a BPF of a known host and
> generating various GET requests seems to elicit identical logs
> (when eliminating the fact that httpry logs the response as Martin
> noted so the log is double the size).
> 
> I'll dig a bit more - there is obviously a bit of a difference
> between testing against one destination from one source and the
> traffic I usually see.
> 
>> 
>> _______________________________________________ Oisf-users
>> mailing list Oisf-users at openinfosecfoundation.org 
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users

- -- 
- ---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
- ---------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk9113EACgkQiSMBBAuniMci+ACfRUgOyXcf0qmangDHv586ibeV
PwkAn17Mcri1nZx6Y/qaJeexUsSTndUK
=4tiC
-----END PGP SIGNATURE-----
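As an added example (not code from the thread, from Suricata, or from httpry), the following POSIX shell script applies Martin's advice and Peter's observation together: it compares the two tools by request count, not by file size, after dropping httpry's response records. It assumes httpry's default tab-separated output with the direction marker in field 4 (">" for a client request, "<" for a server response) and one line per request in Suricata's http.log; every sample line is constructed, not captured traffic.

```shell
# Added example for this thread, not code from Suricata, httpry or the posters.
# Assumptions: httpry default tab-separated fields (timestamp, src, dst,
# direction, method, host, uri, version, status, reason) with ">" marking a
# request and "<" a response; Suricata http.log writes one line per request.

TMP_EX=$(mktemp -d)
trap 'rm -rf "$TMP_EX"' EXIT
HTTPRY_LOG="$TMP_EX/httpry.log"
SURICATA_LOG="$TMP_EX/http.log"

# Constructed httpry output: three GETs, each followed by its response record.
{
printf '2012-03-30 16:05:01\t10.0.0.5\t192.0.2.10\t>\tGET\twww.example.com\t/\tHTTP/1.1\t-\t-\n'
printf '2012-03-30 16:05:01\t192.0.2.10\t10.0.0.5\t<\t-\t-\t-\tHTTP/1.1\t200\tOK\n'
printf '2012-03-30 16:05:02\t10.0.0.5\t192.0.2.10\t>\tGET\twww.example.com\t/style.css\tHTTP/1.1\t-\t-\n'
printf '2012-03-30 16:05:02\t192.0.2.10\t10.0.0.5\t<\t-\t-\t-\tHTTP/1.1\t200\tOK\n'
printf '2012-03-30 16:05:03\t10.0.0.5\t192.0.2.10\t>\tGET\twww.example.com\t/logo.png\tHTTP/1.1\t-\t-\n'
printf '2012-03-30 16:05:03\t192.0.2.10\t10.0.0.5\t<\t-\t-\t-\tHTTP/1.1\t404\tNot Found\n'
} > "$HTTPRY_LOG"

# Constructed Suricata http.log lines for the same three requests.
{
printf '03/30/2012-16:05:01.120345 www.example.com [**] / [**] Mozilla/5.0 [**] 10.0.0.5:51234 -> 192.0.2.10:80\n'
printf '03/30/2012-16:05:02.331201 www.example.com [**] /style.css [**] Mozilla/5.0 [**] 10.0.0.5:51234 -> 192.0.2.10:80\n'
printf '03/30/2012-16:05:03.004877 www.example.com [**] /logo.png [**] Mozilla/5.0 [**] 10.0.0.5:51234 -> 192.0.2.10:80\n'
} > "$SURICATA_LOG"

# Count only httpry request records: field 4 is ">" for requests.
httpry_request_count() {
    awk -F'\t' '$4 == ">" { n++ } END { print n + 0 }' "$1"
}

# Suricata's http.log holds one line per request, so wc -l is the request count.
suricata_request_count() {
    wc -l < "$1" | tr -d ' '
}

# Byte size: the measure the thread warns against using for comparison.
file_bytes() {
    wc -c < "$1" | tr -d ' '
}

# Print counts and sizes for both logs; succeed only when request counts agree.
compare_http_logs() {
    h=$(httpry_request_count "$1")
    s=$(suricata_request_count "$2")
    printf 'httpry:   %s requests, %s lines incl. responses, %s bytes\n' \
        "$h" "$(wc -l < "$1" | tr -d ' ')" "$(file_bytes "$1")"
    printf 'suricata: %s requests, %s bytes\n' "$s" "$(file_bytes "$2")"
    [ "$h" -eq "$s" ]
}

compare_http_logs "$HTTPRY_LOG" "$SURICATA_LOG"
```

Run against the constructed data, the byte sizes differ (httpry carries six records, three of them responses) while the request counts both come out at three, which is the comparison that actually says whether Suricata dropped anything. Pointing both tools at the same BPF filter, as Peter did, keeps the two inputs comparable.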


