[Oisf-users] Dropping stream data Amended

Peter Manev petermanev at gmail.com
Wed Jun 14 07:39:39 UTC 2017


On Tue, Feb 28, 2017 at 2:19 PM, Charles Devoe
<Charles.Devoe at cisecurity.org> wrote:
> Seems I left out a couple of details. We are running Suricata 3.0, using
> JSON output, and pfring 6.0.2.  There appears to be a lot of Memory and CPU
> capacity, watching this via htop.
>
>
>
> We are capturing the stream hex data for our alerts.  In many of the Alerts
> we get truncated data:
>
>
>
> We get
>
>
>
> 1.1
>
> Connection:
>
> Instead of
>
>
> GET /a.jar HTTP/1.1
>

If you are still having this issue with 3.2.2 - can you please open a
bug report and share a pcap that we can reproduce the bug with?

> Connection:
>
>
> The stream data drops the first 16 characters.
>
> Any idea why?  Is this a known BUG?
>
>
>
> Thank you for your support



-- 
Regards,
Peter Manev

