[Oisf-users] Suricata's http-log
Victor Julien
victor at inliniac.net
Fri Mar 30 15:55:29 UTC 2012
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 03/30/2012 05:49 PM, Martin Holste wrote:
> This is what I was afraid of. It sounds to me like Suricata can't
> keep up logging at medium to high volumes.
Btw, we identified a scalability issue wrt http logging. Fix should be
in git sometime next week:
https://redmine.openinfosecfoundation.org/issues/438
Cheers,
Victor
> On Fri, Mar 30, 2012 at 10:30 AM, Peter Bates
> <peter.bates at ucl.ac.uk> wrote:
>
> Hello all
>
> On 30/03/2012 16:05, Martin Holste wrote:
>>>> Please use wc -l to count lines instead of file sizes when
>>>> comparing.
>
> Running httpry and Suricata with a BPF of a known host and
> generating various GET requests seems to elicit identical logs
> (when eliminating the fact that httpry logs the response as Martin
> noted so the log is double the size).
>
> I'll dig a bit more - there is obviously a bit of a difference
> between testing against one destination from one source and the
> traffic I usually see.
>
>>
>> _______________________________________________
>> Oisf-users mailing list
>> Oisf-users at openinfosecfoundation.org
>> http://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>
- --
- ---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
- ---------------------------------------------
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
iEYEARECAAYFAk9113EACgkQiSMBBAuniMci+ACfRUgOyXcf0qmangDHv586ibeV
PwkAn17Mcri1nZx6Y/qaJeexUsSTndUK
=4tiC
-----END PGP SIGNATURE-----
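The comparison Peter and Martin describe (count log lines with wc -l rather than file sizes, and discount the fact that httpry writes a line for the response as well as the request) can be scripted. The block below is an added example and is not code from this thread or from the Suricata or httpry projects. It assumes httpry's default tab-separated field order (timestamp, source-ip, dest-ip, direction, method, host, request-uri, ...) with direction ">" marking a request, and the classic one-line-per-request Suricata http.log layout of the time (timestamp, hostname, [**], URI, [**], user-agent, [**], src -> dst); the log lines it writes to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example, not code from the thread: compare an httpry log with a
# Suricata http.log by counting request lines rather than file sizes, and
# list the requests httpry saw that Suricata did not log.
# All log lines below are constructed for illustration.
set -eu

WORK="$(mktemp -d)"
HTTPRY_LOG="$WORK/httpry.log"
SURI_LOG="$WORK/http.log"

# Constructed httpry output in its default (assumed) tab-separated field
# order, written here with '|' and converted to tabs. Direction '>' is a
# request and '<' the matching response, so a raw wc -l counts both and
# the file is roughly twice the size of Suricata's request-only log.
tr '|' '\t' > "$HTTPRY_LOG" <<'EOF'
# Fields: timestamp,source-ip,dest-ip,direction,method,host,request-uri,http-version,status-code,reason-phrase
2012-03-30 16:05:01|10.0.0.5|192.0.2.10|>|GET|www.example.com|/|HTTP/1.1|-|-
2012-03-30 16:05:01|192.0.2.10|10.0.0.5|<|-|-|-|HTTP/1.1|200|OK
2012-03-30 16:05:02|10.0.0.5|192.0.2.10|>|GET|www.example.com|/index.html|HTTP/1.1|-|-
2012-03-30 16:05:02|192.0.2.10|10.0.0.5|<|-|-|-|HTTP/1.1|200|OK
2012-03-30 16:05:03|10.0.0.5|192.0.2.10|>|GET|www.example.com|/missing|HTTP/1.1|-|-
2012-03-30 16:05:03|192.0.2.10|10.0.0.5|<|-|-|-|HTTP/1.1|404|Not Found
EOF

# Constructed Suricata http.log in the (assumed) classic one-line-per-request
# format. The third request above is deliberately absent to show a gap.
cat > "$SURI_LOG" <<'EOF'
03/30/2012-16:05:01.000123 www.example.com [**] / [**] curl/7.22.0 [**] 10.0.0.5:40001 -> 192.0.2.10:80
03/30/2012-16:05:02.000456 www.example.com [**] /index.html [**] curl/7.22.0 [**] 10.0.0.5:40002 -> 192.0.2.10:80
EOF

# Request lines only: skip '#' comment lines and keep direction '>' records.
count_httpry_requests() {
    awk -F'\t' '!/^#/ && $4 == ">" { n++ } END { print n + 0 }' "$1"
}

# Suricata's http.log holds one line per request, so wc -l is the request count.
count_suricata_requests() {
    wc -l < "$1" | tr -d ' '
}

# host+URI keys present among httpry's requests but absent from http.log.
# Hostname and URI precede the user-agent in http.log, so whitespace
# splitting is safe for the fields used here.
missing_in_suricata() {
    awk -F'\t' '!/^#/ && $4 == ">" { print $6 $7 }' "$1" | sort -u > "$WORK/httpry.keys"
    awk '{ print $2 $4 }' "$2" | sort -u > "$WORK/suri.keys"
    comm -23 "$WORK/httpry.keys" "$WORK/suri.keys"
}

echo "httpry request lines:   $(count_httpry_requests "$HTTPRY_LOG")"
echo "suricata request lines: $(count_suricata_requests "$SURI_LOG")"
echo "seen by httpry, not logged by Suricata:"
missing_in_suricata "$HTTPRY_LOG" "$SURI_LOG"
```

Run it as a plain sh script; on real captures, point HTTPRY_LOG and SURI_LOG at logs taken from the same interface with the same BPF filter, since any difference in capture scope shows up as "missing" requests that have nothing to do with logging throughput.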