[Oisf-users] question about http eve log data source/dest flip
jason taylor
jtfas90 at gmail.com
Thu Feb 1 14:37:06 UTC 2018
On Thu, 2018-02-01 at 15:17 +0100, Victor Julien wrote:
> On 01-02-18 14:59, jason taylor wrote:
> > We started seeing some of our http traffic source and destination data
> > flipped.
> >
> > I looked through the redmine tickets and didn't see anything similar so
> > figured I would check in with folks here to see if anyone else has run
> > across this.
> >
> > As far as we can tell it appears to happen when a client is going to
> > port 443/ssl traffic through our proxies.
> >
> > flow data source and destination are correct so it appears to maybe be
> > related to http parsing.
> >
> > Attached are the suricata build information, json log data and pcap.
> >
> > Let me know if there is any other information that would be useful.
>
> I can confirm the issue with your pcap. Can you open a ticket?
>
> Thanks!
>
Done.
https://redmine.openinfosecfoundation.org/issues/2430
Thanks!
JT