[Oisf-users] Suricata's http-log

Martin Holste mcholste at gmail.com
Fri Mar 30 17:44:20 UTC 2012


Agree: of special interest are any requests greater than the packet
MTU, as httpry does not truncate; it *drops* any requests greater than
the MTU.

On Fri, Mar 30, 2012 at 11:45 AM, Seth Hall <seth at icir.org> wrote:
>
> On Mar 30, 2012, at 11:30 AM, Peter Bates wrote:
>
>> Running httpry and Suricata with a BPF of a known host and generating
>> various GET requests seems to elicit identical logs (when eliminating
>> the fact that httpry logs the response as Martin noted so the log is
>> double the size).
>
>
> We wouldn't even complain if you threw Bro in the mix for comparing logs. :)
>
>  .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>


