[Oisf-users] TLSLOG

Andreas Moe moe.andreas at gmail.com
Sat Oct 10 17:46:18 UTC 2015


Hi there.

At the moment I'm looking into TLS certificate analysis and logging. I'm
already an avid Suricata user, so I enabled TLS logging (JSON format).

One thing I've been seeing is that the destination for all events is the IP
that has been contacted, and not the domain. Why is that?

One IP can host tens to thousands of domains, so knowing the domain that
was asked for with regard to that TLS log event would be very valuable.

Yes, correlation (as I do) does solve some issues, and could connect the
events. But my question is: why is it only the IP and not the FQDN that is in
the TLS log?

/AndreasM
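The correlation the post mentions, worked through as an added example that is not part of the original message or of Suricata itself: a single pass over EVE JSON lines that records DNS A/AAAA answers per client and then, for each TLS event, reports the names the same client had resolved to the destination IP. The sample log lines are constructed, and the EVE field names used (`event_type`, `src_ip`, `dest_ip`, `dns.type`, `dns.rrname`, `dns.rdata`, `tls.subject`, `tls.sni`) are assumed to match the deployed Suricata version; the `sni` key is only used if it is present in an event.

```python
import json
from collections import defaultdict

# Constructed sample EVE JSON lines (not real traffic). One destination IP
# (203.0.113.10) was resolved from two different names by the same client,
# which is exactly the ambiguity the post describes.
SAMPLE_EVE = r'''
{"timestamp":"2015-10-10T17:40:01.000000+0000","flow_id":1,"event_type":"dns","src_ip":"10.0.0.5","dest_ip":"10.0.0.1","proto":"UDP","dns":{"type":"query","id":100,"rrname":"example.org","rrtype":"A"}}
{"timestamp":"2015-10-10T17:40:01.010000+0000","flow_id":1,"event_type":"dns","src_ip":"10.0.0.1","dest_ip":"10.0.0.5","proto":"UDP","dns":{"type":"answer","id":100,"rrname":"example.org","rrtype":"A","ttl":300,"rdata":"203.0.113.10"}}
{"timestamp":"2015-10-10T17:40:02.000000+0000","flow_id":2,"event_type":"dns","src_ip":"10.0.0.1","dest_ip":"10.0.0.5","proto":"UDP","dns":{"type":"answer","id":101,"rrname":"other.example","rrtype":"A","ttl":300,"rdata":"203.0.113.10"}}
{"timestamp":"2015-10-10T17:40:03.000000+0000","flow_id":3,"event_type":"tls","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","dest_port":443,"proto":"TCP","tls":{"subject":"CN=example.org","issuerdn":"CN=Example CA","fingerprint":"aa:bb","version":"TLSv1.2"}}
{"timestamp":"2015-10-10T17:40:05.000000+0000","flow_id":4,"event_type":"tls","src_ip":"10.0.0.5","dest_ip":"198.51.100.7","dest_port":443,"proto":"TCP","tls":{"subject":"CN=*.cdn.example","issuerdn":"CN=Example CA","fingerprint":"cc:dd","version":"TLSv1.2","sni":"www.cdn.example"}}
{"timestamp":"2015-10-10T17:40:06.000000+0000","flow_id":5,"event_type":"tls","src_ip":"10.0.0.5","dest_ip":"192.0.2.44","dest_port":443,"proto":"TCP","tls":{"subject":"CN=unknown","issuerdn":"CN=Example CA","fingerprint":"ee:ff","version":"TLSv1.2"}}
'''


def parse_eve(text):
    """Yield one decoded event per non-empty line of an EVE JSON file."""
    for line in text.splitlines():
        line = line.strip()
        if line:
            yield json.loads(line)


def record_dns_answer(ev, dns_index):
    """Remember which names a client resolved to which address.

    For an answer event the client is dest_ip (it received the reply).
    Only A/AAAA answers carry an address in rdata, so CNAMEs are skipped.
    Field layout is an assumption about the EVE format, not taken from the post.
    """
    dns = ev.get("dns", {})
    if dns.get("type") != "answer" or dns.get("rrtype") not in ("A", "AAAA"):
        return
    key = (ev["dest_ip"], dns["rdata"])
    if dns["rrname"] not in dns_index[key]:
        dns_index[key].append(dns["rrname"])


def names_for_tls_event(ev, dns_index):
    """Return (candidate_names, source) for a TLS event.

    Prefer the SNI if the event carries one; otherwise fall back to every
    name the same client resolved to this destination address so far. An
    empty list means neither source could name the destination.
    """
    sni = ev.get("tls", {}).get("sni")
    if sni:
        return [sni], "sni"
    names = dns_index.get((ev["src_ip"], ev["dest_ip"]), [])
    return list(names), ("dns" if names else "none")


def enrich(text):
    """Single ordered pass: learn DNS answers, annotate each TLS event."""
    dns_index = defaultdict(list)
    results = []
    for ev in parse_eve(text):
        etype = ev.get("event_type")
        if etype == "dns":
            record_dns_answer(ev, dns_index)
        elif etype == "tls":
            names, source = names_for_tls_event(ev, dns_index)
            results.append({
                "dest_ip": ev["dest_ip"],
                "subject": ev["tls"].get("subject"),
                "names": names,
                "source": source,
            })
    return results


if __name__ == "__main__":
    for row in enrich(SAMPLE_EVE):
        print(json.dumps(row))
```

Processing events in log order means a TLS event is only matched against answers the client had already received, which avoids attributing a connection to a name resolved afterwards. The first TLS event in the sample still comes back with two candidate names for the same IP, which is why the post argues that the name the client actually asked for belongs in the TLS event itself rather than being reconstructed.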