Project

General

Profile

Actions
Copy link

Support #1213

closed
MP

HTTP reassembly problem - Suricata 2.0.1

Support #1213: HTTP reassembly problem - Suricata 2.0.1

Added by Mateusz Pigulski about 12 years ago. Updated over 10 years ago.

Status:
Closed
Priority:
Normal
Assignee:
-
Affected Versions:
Label:

Description

Hi experts!!!

I am new in suricata, so firstly I want say Hello!!.
I have configured Suricat 2.0.1 with pf_ring 5.6.1. I want use snuri to capture HTTP POST which are forwarded to my system. I have problem with configuration the output unified2-alert to store the reassembled packets. When size of HTTP POST is larger then 1500, I can see in my unified2 file that every tcp segemnt is stored as event and packet, so if HTTP POST consist of 2 tcp segments I have 2 events and 2 packets, from my point of view would be better to have only one event and packet for reassembled packet. My question is: is it possible to configure in suricata 2.0.1 output with unified2-alert to store reassembled packets ??

Files

Download all files
core.27825.gz (1.17 MB) core.27825.gz Mateusz Pigulski, 06/27/2014 01:55 PM
suricata.yaml (47.3 KB) suricata.yaml Mateusz Pigulski, 06/27/2014 02:00 PM
Actions
Copy link

Also available in: PDF Atom