[Oisf-users] question about http eve log data source/dest flip
Victor Julien
lists at inliniac.net
Thu Feb 1 14:17:19 UTC 2018
On 01-02-18 14:59, jason taylor wrote:
> We started seeing some of our http traffic source and destination data
> flipped.
>
> I looked through the Redmine tickets and didn't see anything similar so
> figured I would check in with folks here to see if anyone else has run
> across this.
>
> As far as we can tell it appears to happen when a client is going to
> port 443/ssl traffic through our proxies.
>
> Flow data source and destination are correct so it appears to maybe be
> related to http parsing.
>
> Attached are the Suricata build information, json log data and pcap.
>
> Let me know if there is any other information that would be useful.

I can confirm the issue with your pcap. Can you open a ticket?

Thanks!

--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
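
The comparison described in the report (http records versus flow records for the same connection) can be run over an EVE JSON log to list affected flows. This is an added example, not part of the original messages or of Suricata itself; it assumes the log contains both `http` and `flow` event types, and the sample lines, addresses and proxy port are constructed.

```python
import json

# Constructed sample EVE lines (not the poster's attached log). Flow 1002's
# http record has its endpoints swapped relative to the flow record.
SAMPLE_EVE = """\
{"event_type":"http","flow_id":1001,"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"10.0.0.80","dest_port":3128}
{"event_type":"http","flow_id":1002,"src_ip":"10.0.0.80","src_port":3128,"dest_ip":"10.0.0.6","dest_port":40222}
{"event_type":"flow","flow_id":1001,"src_ip":"10.0.0.5","src_port":51234,"dest_ip":"10.0.0.80","dest_port":3128}
{"event_type":"flow","flow_id":1002,"src_ip":"10.0.0.6","src_port":40222,"dest_ip":"10.0.0.80","dest_port":3128}
{"event_type":"http","flow_id":1003,"src_ip":"10.0.0.7","src_port":40300,"dest_ip":"10.0.0.80","dest_port":3128}
"""

def endpoints(rec):
    """Return ((src_ip, src_port), (dest_ip, dest_port)) for an EVE record."""
    return ((rec.get("src_ip"), rec.get("src_port")),
            (rec.get("dest_ip"), rec.get("dest_port")))

def find_flipped_http(lines):
    """Return flow_ids whose http record is reversed relative to the flow record."""
    flows, http_records = {}, []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or partially written lines
        if rec.get("event_type") == "flow":
            flows[rec.get("flow_id")] = endpoints(rec)
        elif rec.get("event_type") == "http":
            http_records.append(rec)
    flipped = []
    # Flow records are written when the flow ends, so compare after reading everything.
    for rec in http_records:
        flow = flows.get(rec.get("flow_id"))
        if flow is None:
            continue  # no flow record to compare against
        src, dst = endpoints(rec)
        if src != dst and (dst, src) == flow and rec["flow_id"] not in flipped:
            flipped.append(rec["flow_id"])
    return flipped

if __name__ == "__main__":
    print(find_flipped_http(SAMPLE_EVE.splitlines()))
```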