[Oisf-users] rule using http protocol not working
Victor Julien
lists at inliniac.net
Tue Feb 19 19:11:12 UTC 2019
On 19-02-19 19:38, GORHAM JOHNSON, OZELINA wrote:
> pcap file attached
The pcap contains just one side of the traffic it seems, so maybe you
need the stream.async-oneside option to be enabled.
Better would be to make sure Suricata sees both sides of the traffic.
--
---------------------------------------------
Victor Julien
http://www.inliniac.net/
PGP: http://www.inliniac.net/victorjulien.asc
---------------------------------------------
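A way to check a capture for the one-sided traffic described in the reply above, as an added example that is not part of the original message or of Suricata. It assumes a classic pcap file (not pcapng) with untagged Ethernet/IPv4 frames; the function names and the sample packets are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def one_sided_flows(pcap):
    """Return TCP flows that were captured in only one direction."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet (linktype 1) is handled")
    seen = defaultdict(set)              # flow -> directions observed
    off = 24                             # skip the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        pkt = pcap[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 6:
            continue                     # untagged IPv4/TCP only
        ihl = (pkt[14] & 0x0F) * 4       # IPv4 header length in bytes
        if len(pkt) < 14 + ihl + 4:
            continue                     # TCP ports truncated
        sport, dport = struct.unpack("!HH", pkt[14 + ihl:18 + ihl])
        src = (socket.inet_ntoa(pkt[26:30]), sport)
        dst = (socket.inet_ntoa(pkt[30:34]), dport)
        seen[tuple(sorted((src, dst)))].add(src < dst)
    return sorted(flow for flow, dirs in seen.items() if len(dirs) == 1)

def _frame(src, sport, dst, dport):
    """Constructed sample data: minimal Ethernet/IPv4/TCP frame, no payload."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def _pcap(frames):
    """Constructed sample data: wrap frames in a little-endian pcap file."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

SAMPLE = _pcap([
    _frame("192.0.2.10", 40000, "198.51.100.5", 80),   # client -> server only
    _frame("192.0.2.10", 40000, "198.51.100.5", 80),
    _frame("192.0.2.11", 40001, "198.51.100.5", 80),   # both directions seen
    _frame("198.51.100.5", 80, "192.0.2.11", 40001),
])
print(one_sided_flows(SAMPLE))
```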