[Oisf-users] About Suricata http.log

Peter Manev petermanev at gmail.com
Wed Sep 17 18:56:39 UTC 2014


On Tue, Sep 16, 2014 at 8:10 PM, Mesra.net CEO <admin at mesra.my> wrote:
> Dear Peter,
>
> I just upgraded my Suricata to 2.0.3 and am using the latest suricata.yaml, but
> there's still no log in http.log. Is it because http.log isn't supported in
> IPS and daemon mode?

How about if you enable http logging in eve-log - would you
experience the same problem (http not logging in daemon IPS mode but
yes otherwise)?


>
> Any idea? TQ
>
>
>
> -----Original Message----- From: Peter Manev
> Sent: Tuesday, September 16, 2014 4:23 PM
> To: Mesra.net CEO
> Cc: <oisf-users at lists.openinfosecfoundation.org>
> Subject: Re: [Oisf-users] About Suricata http.log
>
>
>
>
>> On 16 sep 2014, at 07:34, "Mesra.net CEO" <admin at mesra.my> wrote:
>>
>> Dear All,
>>
>> I’m running Suricata 1.4.1 on my bridge server and I run the command below:
>>
>> /usr/bin/suricata -c /etc/suricata/suricata.yaml -q 0 -D
>>
>> The problem is, I can see that Suricata is running from
>> /var/log/suricata/fast.log, but /var/log/suricata/httpd.log only shows
>> this:
>>
>> 09/16/2014-13:11:55.151757 xxx.xxx.xxx.xxx [**] / [**] check_http/v1.4.15
>> (nagios-plugins 1.4.15) [**] xxx.xxx.xxx.xxx:55052 -> xxx.xxx.xxx.xxx:80
>> 09/16/2014-13:16:55.231009 xxx.xxx.xxx.xxx [**] / [**] check_http/v1.4.15
>> (nagios-plugins 1.4.15) [**] xxx.xxx.xxx.xxx:55107 -> xxx.xxx.xxx.xxx:80
>>
>> For sure, suricata.yaml already has:
>>
>> - http-log:
>>     enabled: yes
>>     filename: http.log
>>     append: yes
>>
>> So the problem is that if I run Suricata without running it as a daemon,
>> http.log shows full detail. How can I make http.log show
>> full detail when run as a daemon?
>>
>> Please advise, and thank you so much.
>>
>
> Do you experience the same issue with the current stable 2.0.3?
>
>
>
>



-- 
Regards,
Peter Manev
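
One way to run the comparison suggested in the reply above, as an added example that is not part of the original thread: summarize an eve.json file by event type and render its http events in the same layout as the http.log lines quoted in the thread, so a daemon IPS run can be compared with a foreground run. The sample records are constructed, the function name `summarize_eve` is hypothetical, and missing fields are shown as `-` by choice of this example.

```python
import json
from collections import Counter

# Constructed sample of eve.json content; addresses are documentation-range
# placeholders and the last entry imitates a record cut off mid-write.
SAMPLE_EVE = [
    '{"timestamp":"2014-09-16T13:11:55.151757","event_type":"http",'
    '"src_ip":"192.0.2.10","src_port":55052,"dest_ip":"192.0.2.20",'
    '"dest_port":80,"proto":"TCP","http":{"hostname":"192.0.2.20","url":"/",'
    '"http_user_agent":"check_http/v1.4.15 (nagios-plugins 1.4.15)"}}',
    '{"timestamp":"2014-09-16T13:12:03.000412","event_type":"http",'
    '"src_ip":"192.0.2.11","src_port":40112,"dest_ip":"192.0.2.20",'
    '"dest_port":80,"proto":"TCP","http":{"url":"/index.html"}}',
    '{"timestamp":"2014-09-16T13:12:04.100000","event_type":"dns",'
    '"src_ip":"192.0.2.11","src_port":5353,"dest_ip":"192.0.2.53",'
    '"dest_port":53,"proto":"UDP"}',
    '{"timestamp":"2014-09-16T13:12:05.2',
]

def summarize_eve(lines):
    """Return (event_type counts, http.log-style lines, unparsable line count)."""
    counts, http_lines, bad = Counter(), [], 0
    for raw in lines:
        raw = raw.strip()
        if not raw:
            continue
        try:
            ev = json.loads(raw)
        except ValueError:          # truncated or partially written record
            bad += 1
            continue
        if not isinstance(ev, dict):
            bad += 1
            continue
        etype = ev.get("event_type", "unknown")
        counts[etype] += 1
        if etype == "http":
            h = ev.get("http", {})  # request details may be only partly present
            http_lines.append("{} {} [**] {} [**] {} [**] {}:{} -> {}:{}".format(
                ev.get("timestamp", "-"), h.get("hostname", "-"), h.get("url", "-"),
                h.get("http_user_agent", "-"), ev.get("src_ip", "-"),
                ev.get("src_port", "-"), ev.get("dest_ip", "-"), ev.get("dest_port", "-")))
    return counts, http_lines, bad

if __name__ == "__main__":
    counts, http_lines, bad = summarize_eve(SAMPLE_EVE)
    print(dict(counts), "unparsable:", bad)
    print("\n".join(http_lines) or "no http events logged")
```

To use it on a real run, pass an open eve.json file object to `summarize_eve` in place of `SAMPLE_EVE`; a zero `http` count in daemon mode with a non-zero count in the foreground reproduces the reported symptom.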


