[Oisf-users] http.log + rules meta information
Chris Edwards
Chris.Edwards at glasgow.ac.uk
Sat Jan 11 16:52:56 UTC 2014
On Sat, 11 Jan 2014, Nikita Kislitsin wrote:
> Is there any way to include rules meta-information (*msg* field) to
> http.log records? I need not only to have details about http request/response,
> but also include a reference to the specific rule based on which this event
> was recorded.
http.log is somewhat different in that it contains entries for *all* http
transactions on the network, irrespective of whether they triggered a
rule hit.
Of course, some http.log entries do relate to rule hits, so it might be
nice to have some sort of reference as you suggest. But what if multiple
rules were triggered by a single request? Perhaps it would be better to
record the URL info as part of fast.log. Either way, I don't think this
is possible at present. That said, where packet data is captured with
rule hits, if you view the packet in Wireshark etc., then the URL is there
for you.
Chris
--
Chris Edwards, Information Security, IT Services
University of Glasgow, charity number SC004401