[Oisf-users] About Suricata http.log
Peter Manev
petermanev at gmail.com
Tue Sep 16 08:23:22 UTC 2014
> On 16 sep 2014, at 07:34, "Mesra.net CEO" <admin at mesra.my> wrote:
>
> Dear All,
>
> I'm running Suricata 1.4.1 on my bridge server and I run the command below:
>
> /usr/bin/suricata -c /etc/suricata/suricata.yaml -q 0 -D
>
> The problem is, I can see that Suricata is running on /var/log/suricata/fast.log, but /var/log/suricata/httpd.log only shows:
>
> 09/16/2014-13:11:55.151757 xxx.xxx.xxx.xxx [**] / [**] check_http/v1.4.15 (nagios-plugins 1.4.15) [**] xxx.xxx.xxx.xxx:55052 -> xxx.xxx.xxx.xxx:80
> 09/16/2014-13:16:55.231009 xxx.xxx.xxx.xxx [**] / [**] check_http/v1.4.15 (nagios-plugins 1.4.15) [**] xxx.xxx.xxx.xxx:55107 -> xxx.xxx.xxx.xxx:80
>
> For sure, suricata.yaml already has:
>
> - http-log:
>     enabled: yes
>     filename: http.log
>     append: yes
>
> So the problem is that if I run Suricata without running it as a daemon, http.log shows full detail, so how can I make http.log show full detail when run as a daemon?
>
> Please advise, and thank you so much.
>
Do you experience the same issue with the current stable 2.0.3?
> _______________________________________________
> Suricata IDS Users mailing list: oisf-users at openinfosecfoundation.org
> Site: http://suricata-ids.org | Support: http://suricata-ids.org/support/
> List: https://lists.openinfosecfoundation.org/mailman/listinfo/oisf-users
> OISF: http://www.openinfosecfoundation.org/