[Oisf-users] HTTP Logging Update

Adnan Baykal abaykal at gmail.com
Wed Jun 4 20:08:51 UTC 2014


I have been having no HTTP logging at all on one of my sensors. I have
posted several questions to this blog. Mind you that this sensor does drop
a significant amount of data (about 50%), and I do understand that there
will be a lot of HTTP traffic missed due to drops, but not having any entry
in the http.log file was concerning. I thought I would at least see some
entries.

This morning, I found a setting:

  midstream: true             # do not allow midstream session pickups
  async_oneside: true         # do not enable async stream handling

When the above setting is applied to the stream, I get a limited HTTP log.
My question is: can this change in behavior be explained by dropped
packets? Does this change further support the theory that this box is
significantly undersized and that the bigger box would operate normally
with full HTTP traffic?

I am in the process of upgrading this sensor to a 32GB 20 Core system (it
is currently 16GB 8 Core).

Thanks,

--Adnan