[Oisf-users] HTTP/File Logging not working

Adnan Baykal abaykal at gmail.com
Wed May 14 09:58:42 UTC 2014


Additionally, are there any BPF filters I can put in place to test the
libhtp functionality alone?


On Wed, May 14, 2014 at 5:46 AM, Adnan Baykal <abaykal at gmail.com> wrote:

> For this specific sensor, my CPU usage is about 98% all the time (I am
> working on replacing the sensor). But should no HTTP logging be explained
> by not having CPU resources? I am not sure if this has anything to do
> with it, but my http.memuse and http/memcap are all 0s.
>
> Any ideas on how to troubleshoot this issue? Are there any indicators for
> libhtp usage in the stats other than memcap/memuse?
>
>
>
>
> On Tue, May 13, 2014 at 5:59 AM, Victor Julien <lists at inliniac.net> wrote:
>
>> Please keep the conversation on the list.
>>
>> On 05/12/2014 09:21 PM, Adnan Baykal wrote:
>> > OK - this fixed the issue on one sensor but not the second one :( I
>> > still have one sensor with no HTTP logging. But this sensor is heavily
>> > loaded. Would that impact this feature?
>>
>> Yes, certainly. If we can't track the http session properly, we can't
>> log it either.
>>
>> --
>> ---------------------------------------------
>> Victor Julien
>> http://www.inliniac.net/
>> PGP: http://www.inliniac.net/victorjulien.asc
>> ---------------------------------------------
>>
>> _______________________________________________
>> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
>> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
>> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
>> OISF: http://www.openinfosecfoundation.org/
>>
>
>