[Oisf-users] HTTP/File Logging not working

Adnan Baykal abaykal at gmail.com
Wed May 14 09:46:00 UTC 2014


for this specific sensor, my CPU usage is about 98% all the time (I am
working on replacing the sensor). but should no http logging be explained
by not having cpu resources? I am not sure if this has anything to do with
it but my http.memuse and http/memcap are all 0s.

any ideas on how to troubleshoot this issue? are there any indicators for
libhtp usage in the stats other than memcap/memuse?




On Tue, May 13, 2014 at 5:59 AM, Victor Julien <lists at inliniac.net> wrote:

> Please keep the conversation on the list.
>
> On 05/12/2014 09:21 PM, Adnan Baykal wrote:
> > Ok - this fixed the issue on one sensor but not the second one :( I
> > still have one sensor with no http logging. but this sensor is heavily
> > loaded. would that impact this feature?
>
> Yes, certainly. If we can't track the http session properly, we can't
> log it either.
>
> --
> ---------------------------------------------
> Victor Julien
> http://www.inliniac.net/
> PGP: http://www.inliniac.net/victorjulien.asc
> ---------------------------------------------
>
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20140514/4511d92e/attachment-0002.html>


More information about the Oisf-users mailing list