[Oisf-users] Dropping stream data Ameneded

Charles Devoe Charles.Devoe at cisecurity.org
Tue Feb 28 13:19:19 UTC 2017

Seems I left out a couple of details.   We are running Suritcata 3.0, using JSON output, and pfring 6.0.2.  There appears to be a lot of Memory and CPU capacity, watching this via htop.

We are capturing the stream hex data for our alerts.  In many of the Alerts we get truncated data:

We get

Instead of

GET /a.jar HTTP/1.1

The stream data drops the first 16 characters.

Any idea why?  Is this a known BUG?

Thank you for your support

This message and attachments may contain confidential information. If it appears that this message was sent to you by mistake, any retention, dissemination, distribution or copying of this message and attachments is strictly prohibited. Please notify the sender immediately and permanently delete the message and any attachments.

. . .
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-users/attachments/20170228/87e8d0df/attachment-0001.html>

More information about the Oisf-users mailing list