[Oisf-users] http.log + rules meta information

Peter Manev petermanev at gmail.com
Sun Jan 12 10:24:38 UTC 2014


On Sat, Jan 11, 2014 at 10:17 PM, Nikita Kislitsin
<kislitsin at group-ib.ru> wrote:
>
> Thanks!
>
> I need to search in http requests and write a log that includes all the details about matching sessions - src/dst ip:port, matched rule msg, domain, URI and method of HTTP-request.
>
> Looks like Suricata can't do that from the box, right?
>
>


Not right out of the box.
It still looks to me that you need to correlate data - but you would
like all the information about that specific session to be written in
one specific log, correct?

Just to point out, entries in the http.log are not directly related to
those in the fast.log (alert). In other words, http.log logs all the
HTTP requests Suricata sees, regardless of whether alerts are
triggered or not.

Suricata also can log DNS, TLS and Files detailed logs (besides alert and
http) - fyi.



thanks



-- 
Regards,
Peter Manev
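The correlation Peter describes (alerts in fast.log, every HTTP request in http.log, joined by hand) as an added worked example; this is not code from the thread or from the Suricata project. It keys both logs on the src/dst ip:port pair and picks the http.log entry closest in time to each alert, within a window. The sample lines are constructed, and their layout is an assumption modelled on the Suricata 2.0-era fast.log and extended http.log formats; the field order in your own logs depends on version and the `extended` setting, so check a real line against the regexes before trusting the output.

```python
import json
import re
from collections import defaultdict
from datetime import datetime

TS_FMT = "%m/%d/%Y-%H:%M:%S.%f"

# Constructed sample fast.log lines (assumed layout, not real traffic).
FAST_LOG = """\
01/11/2014-22:17:05.123456  [**] [1:1000001:1] LOCAL suspicious uri [**] [Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 192.0.2.10:49152 -> 198.51.100.20:80
01/11/2014-22:17:09.000001  [**] [1:1000002:1] LOCAL other rule [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.11:50000 -> 198.51.100.21:80
"""

# Constructed sample http.log lines in the assumed "extended" layout:
# ts host [**] uri [**] user-agent [**] referer [**] method [**] proto [**] status [**] length [**] src:port -> dst:port
HTTP_LOG = """\
01/11/2014-22:17:05.120000 www.example.com [**] /login?user=admin [**] Mozilla/5.0 [**] <no referer> [**] GET [**] HTTP/1.1 [**] 200 [**] 512 [**] 192.0.2.10:49152 -> 198.51.100.20:80
01/11/2014-22:17:06.500000 www.example.com [**] /style.css [**] Mozilla/5.0 [**] http://www.example.com/ [**] GET [**] HTTP/1.1 [**] 200 [**] 1024 [**] 192.0.2.10:49152 -> 198.51.100.20:80
01/11/2014-22:17:30.000000 other.example.net [**] /index.html [**] curl/7.30 [**] <no referer> [**] GET [**] HTTP/1.1 [**] 200 [**] 100 [**] 192.0.2.12:40000 -> 198.51.100.22:80
"""

FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)$"
)
FLOW_RE = re.compile(r"^([\d.]+):(\d+) -> ([\d.]+):(\d+)$")


def parse_fast(line):
    """Parse one fast.log alert line into a dict, or None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(d["ts"], TS_FMT)
    d["flow"] = (d["src"], d["sport"], d["dst"], d["dport"])
    return d


def parse_http(line):
    """Parse one http.log line; method is only present in the extended layout."""
    fields = line.rstrip("\n").split(" [**] ")
    if len(fields) < 4 or " " not in fields[0]:
        return None
    ts, host = fields[0].split(" ", 1)
    flow = FLOW_RE.match(fields[-1].strip())
    if not flow:
        return None
    return {
        "ts": datetime.strptime(ts, TS_FMT),
        "host": host,
        "uri": fields[1],
        "method": fields[4] if len(fields) >= 9 else None,
        "flow": flow.groups(),
    }


def correlate(fast_text, http_text, window_seconds=2.0):
    """Attach the nearest-in-time http.log record on the same 5-tuple to each alert."""
    by_flow = defaultdict(list)
    for line in http_text.splitlines():
        rec = parse_http(line)
        if rec:
            by_flow[rec["flow"]].append(rec)

    rows = []
    for line in fast_text.splitlines():
        alert = parse_fast(line)
        if not alert:
            continue
        best = None
        for rec in by_flow.get(alert["flow"], []):
            delta = abs((rec["ts"] - alert["ts"]).total_seconds())
            if delta <= window_seconds and (best is None or delta < best[0]):
                best = (delta, rec)
        http = best[1] if best else {}
        rows.append({
            "ts": alert["ts"].strftime(TS_FMT),
            "src": alert["src"], "sport": alert["sport"],
            "dst": alert["dst"], "dport": alert["dport"],
            "sid": alert["sid"], "msg": alert["msg"],
            # None when no http.log entry for that flow fell inside the window
            "host": http.get("host"), "uri": http.get("uri"),
            "method": http.get("method"),
        })
    return rows


if __name__ == "__main__":
    for row in correlate(FAST_LOG, HTTP_LOG):
        print(json.dumps(row))
```

The window keeps an alert on a keep-alive connection from being paired with an unrelated later request on the same socket pair; tighten or widen it to match your traffic, and treat a row with `uri` set to `None` as "alerted, but no HTTP record in range" rather than as a parse failure.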


