[Oisf-users] http.log + rules meta information

Peter Manev petermanev at gmail.com
Sat Jan 11 16:45:25 UTC 2014


On Sat, Jan 11, 2014 at 5:28 PM, Nikita Kislitsin <kislitsin at group-ib.ru> wrote:
> Hello there!
>
> I'm new to Suricata, and it seems a great system! Would really appreciate any
> help with my small question.
>
> Is there any way to include rules meta-information (msg field) to http.log
> records? I need not only have details about http request/response, but also
> include a reference to the specific rule based on which this event was
> recorded. Is it possible to combine in one log file this information?

Is correlation what you are after?

>
> For now I only see the solution in synchronising two separate log files -
> fast.log (with event/rule details) and http.log (with details of http
> requests). Would be great to come up with something better.
>
> Thanks,
> Nikita
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/



-- 
Regards,
Peter Manev
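The fallback Nikita describes, synchronising fast.log with http.log, can be scripted. This is an added example, not code from the thread or from the Suricata project: it joins the two files on the client/server address tuple plus a timestamp window, and the column layout it parses is assumed from the constructed sample lines embedded below.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample records (not from the original thread). The column layout
# is assumed to match the default fast.log / http.log line formats.
FAST_LOG = """\
01/11/2014-16:45:25.123456  [**] [1:1000001:1] LOCAL Suspicious User-Agent [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.168.1.10:51234 -> 10.0.0.5:80
01/11/2014-16:45:27.000001  [**] [1:1000002:1] LOCAL Admin Path Access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.168.1.11:40000 -> 10.0.0.5:80
"""
HTTP_LOG = """\
01/11/2014-16:45:25.123456 example.test [**] /index.php [**] curl/7.0 [**] 192.168.1.10:51234 -> 10.0.0.5:80
01/11/2014-16:45:26.500000 example.test [**] /about.html [**] Mozilla/5.0 [**] 192.168.1.12:40001 -> 10.0.0.5:80
01/11/2014-16:45:27.000001 example.test [**] /admin/ [**] Mozilla/5.0 [**] 192.168.1.11:40000 -> 10.0.0.5:80
"""

FLOW = r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
FAST_RE = re.compile(r"^(?P<ts>\S+)\s+\[\*\*\] \[(?P<sid>[\d:]+)\] (?P<msg>.*?) \[\*\*\] .*\{\w+\} " + FLOW)
HTTP_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) \[\*\*\] (?P<uri>\S+) \[\*\*\] (?P<ua>.*?) \[\*\*\] " + FLOW)

def parse_ts(text):
    return datetime.strptime(text, "%m/%d/%Y-%H:%M:%S.%f")

def flow_key(m):
    # Direction-sensitive tuple; both logs record client -> server.
    return (m["src"], m["sport"], m["dst"], m["dport"])

def correlate(fast_text, http_text, window=1.0):
    """Attach fast.log alerts (sid, msg) to each http.log record that shares
    the same client/server tuple and lies within `window` seconds of it."""
    alerts = defaultdict(list)
    for line in fast_text.splitlines():
        m = FAST_RE.match(line)
        if m:
            alerts[flow_key(m)].append((parse_ts(m["ts"]), m["sid"], m["msg"]))
    out = []
    for line in http_text.splitlines():
        m = HTTP_RE.match(line)
        if not m:
            continue  # skip lines that do not follow the assumed layout
        ts = parse_ts(m["ts"])
        hits = [(sid, msg) for ats, sid, msg in alerts.get(flow_key(m), [])
                if abs((ats - ts).total_seconds()) <= window]
        out.append({"ts": m["ts"], "src": m["src"], "host": m["host"],
                    "uri": m["uri"], "alerts": hits})
    return out

if __name__ == "__main__":
    for rec in correlate(FAST_LOG, HTTP_LOG):
        print(rec["ts"], rec["src"], rec["uri"], rec["alerts"] or "-")
```

Requests without a matching alert keep an empty `alerts` list, so the output is the full http.log enriched with rule msg fields where one applies.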
