[Oisf-users] Suricata's http-log
Martin Holste
mcholste at gmail.com
Fri Mar 30 17:44:20 UTC 2012
Agree: of special interest are any requests greater than the packet
MTU, as httpry does not truncate; it *drops* any requests greater than
the MTU.

On Fri, Mar 30, 2012 at 11:45 AM, Seth Hall <seth at icir.org> wrote:
>
> On Mar 30, 2012, at 11:30 AM, Peter Bates wrote:
>
>> Running httpry and Suricata with a BPF of a known host and generating
>> various GET requests seems to elicit identical logs (when eliminating
>> the fact that httpry logs the response as Martin noted so the log is
>> double the size).
>
>
> We wouldn't even complain if you threw Bro in the mix for comparing logs. :)
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>