[Oisf-users] Dropping stream data Ameneded
Charles Devoe
Charles.Devoe at cisecurity.org
Tue Feb 28 13:19:19 UTC 2017
Seems I left out a couple of details. We are running Suritcata 3.0, using JSON output, and pfring 6.0.2. There appears to be a lot of Memory and CPU capacity, watching this via htop.
We are capturing the stream hex data for our alerts. In many of the Alerts we get truncated data:
We get
1.1
Connection:
Instead of
GET /a.jar HTTP/1.1
Connection:
The stream data drops the first 16 characters.
Any idea why? Is this a known BUG?
Thank you for your support
This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.
. . .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170228/87e8d0df/attachment-0001.html>
More information about the Oisf-users
mailing list