[Oisf-users] http.log + rules meta information

Chris Edwards Chris.Edwards at glasgow.ac.uk
Sat Jan 11 11:52:56 EST 2014


On Sat, 11 Jan 2014, Nikita Kislitsin wrote:

> Is there any way to include rules meta-information (*msg *field) to
> http.log records? I need not only have details about http request/responce,
> but also include a reference to the specific rule based on which this event
> was recored.

http.log is somewhat different in that it contains entries for *all* http 
transactions on the network, irrespective of whether they triggered an 
rule hit.

Of course, some http.log entries do relate to rule hits, so it might be 
nice to have some sort of reference as you suggest.  But what if multiple 
rules were triggered by a single request ?  Perhaps it would be better to 
record the URL info as part of fast.log.  Either way, I don't think this 
is possible at present.  That said, where packet data is captured with 
rule hits, if you view the packet in wireshark etc, then the URL is there 
for you.

Chris

-- 
Chris Edwards, Information Security, IT Services
University of Glasgow, charity number SC004401



More information about the Oisf-users mailing list