[Oisf-users] About Suricata http.log
Mesra.net CEO
admin at mesra.my
Tue Sep 16 18:10:41 UTC 2014
Dear Peter,
I just upgraded my Suricata to 2.0.3 and am using the latest suricata.yaml, but
there's still no log in http.log. Is it because http.log isn't supported in
IPS and daemon mode?
Any idea? TQ
-----Original Message-----
From: Peter Manev
Sent: Tuesday, September 16, 2014 4:23 PM
To: Mesra.net CEO
Cc: <oisf-users at lists.openinfosecfoundation.org>
Subject: Re: [Oisf-users] About Suricata http.log
> On 16 sep 2014, at 07:34, "Mesra.net CEO" <admin at mesra.my> wrote:
>
> Dear All,
>
> I'm running Suricata 1.4.1 on my bridge server and I run the command below:
>
> /usr/bin/suricata -c /etc/suricata/suricata.yaml -q 0 -D
>
> The problem is, I can see Suricata is running in
> /var/log/suricata/fast.log, but /var/log/suricata/httpd.log only
> shows:
>
> 09/16/2014-13:11:55.151757 xxx.xxx.xxx.xxx [**] / [**] check_http/v1.4.15
> (nagios-plugins 1.4.15) [**] xxx.xxx.xxx.xxx:55052 -> xxx.xxx.xxx.xxx:80
> 09/16/2014-13:16:55.231009 xxx.xxx.xxx.xxx [**] / [**] check_http/v1.4.15
> (nagios-plugins 1.4.15) [**] xxx.xxx.xxx.xxx:55107 -> xxx.xxx.xxx.xxx:80
>
> For sure, suricata.yaml already has:
>
>   - http-log:
>       enabled: yes
>       filename: http.log
>       append: yes
>
> So the problem is, if I run Suricata without running it as a daemon,
> http.log shows full detail, so how can I make http.log show
> full detail when run as a daemon?
>
> Please advise, and thank you so much.
>
Do you experience the same issue with the current stable 2.0.3?