Support #2396
Closed
I enabled http-log setting, but got an empty http-log.log
Description
My suricata.yml file is here.
The network foundation is like this
Updated by wangtao wang over 6 years ago
and I run the cmd like this:
./suricata -i eth3
Updated by Andreas Herz over 6 years ago
- Assignee set to Anonymous
- Target version set to Support
What version are you running?
Can you provide a .pcap with some testing traffic?
Without more details it's hard to tell what the issue may be.
Updated by wangtao wang over 6 years ago
- File result.pcap result.pcap added
- File suricataconf.png suricataconf.png added
Andreas Herz wrote:
> What version are you running?
> Can you provide a .pcap with some testing traffic?
> Without more details it's hard to tell what the issue may be.
Suricata 4.0.3
The testing traffic file is here.
Suricata's detailed configuration is like this
Updated by wangtao wang over 6 years ago
Andreas Herz wrote:
> What version are you running?
> Can you provide a .pcap with some testing traffic?
> Without more details it's hard to tell what the issue may be.
There is a configuration about vlan:

    # This option controls the use of vlan ids in the flow (and defrag)
    # hashing. Normally this should be enabled, but in some (broken)
    # setups where both sides of a flow are not tagged with the same vlan
    # tag, we can ignore the vlan id's in the flow hashing.
    vlan:
      use-for-tracking: false

When I set use-for-tracking to false, the http-log works!
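
The flow-hashing effect that the configuration comment above describes, as an added example that is not part of the original ticket and is not Suricata's own code: a simplified model of a flow key with and without the VLAN id, run over constructed frames, which also lists connections whose two directions carry different VLAN tags. The helper names (`frame`, `parse`, `flow_report`) and the sample addresses are assumptions made for illustration.

```python
# Added illustration: simplified model, not Suricata's code; all names are hypothetical.
import struct
from collections import defaultdict

def frame(vlan, src, dst, sport, dport):
    """Build a constructed Ethernet/IPv4/TCP frame; vlan=None means untagged."""
    eth = b"\x02" * 6 + b"\x04" * 6
    if vlan is not None:
        eth += struct.pack("!HH", 0x8100, vlan & 0x0FFF)
    eth += struct.pack("!H", 0x0800)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x10, 8192, 0, 0)
    return eth + ip + tcp

def parse(buf):
    """Return (vlan_id, src, dst, sport, dport) for an IPv4/TCP frame, else None."""
    off, vlan = 12, None
    (etype,) = struct.unpack_from("!H", buf, off)
    if etype == 0x8100:                      # 802.1Q tag: TCI, then the real ethertype
        tci, etype = struct.unpack_from("!HH", buf, off + 2)
        vlan, off = tci & 0x0FFF, off + 4
    off += 2                                 # start of the IPv4 header
    if etype != 0x0800 or buf[off + 9] != 6:
        return None
    ihl = (buf[off] & 0x0F) * 4
    src, dst = buf[off + 12:off + 16], buf[off + 16:off + 20]
    sport, dport = struct.unpack_from("!HH", buf, off + ihl)
    return vlan, ".".join(map(str, src)), ".".join(map(str, dst)), sport, dport

def flow_report(frames):
    """Count flows keyed with and without the VLAN id; list asymmetric connections."""
    with_vlan, without_vlan = set(), defaultdict(set)
    for vlan, src, dst, sport, dport in filter(None, map(parse, frames)):
        key = tuple(sorted([(src, sport), (dst, dport)]))   # direction-independent
        with_vlan.add((vlan, key))           # models use-for-tracking: true
        without_vlan[key].add(vlan)          # models use-for-tracking: false
    asym = {k: v for k, v in without_vlan.items() if len(v) > 1}
    return len(with_vlan), len(without_vlan), asym

# Constructed sample: first connection is tagged in one direction only.
SAMPLE = [
    frame(100, "10.0.0.5", "10.0.0.80", 40000, 80),
    frame(None, "10.0.0.80", "10.0.0.5", 80, 40000),
    frame(100, "10.0.0.6", "10.0.0.80", 40001, 80),
    frame(100, "10.0.0.80", "10.0.0.6", 80, 40001),
]
```

With the VLAN id in the key, the first connection is tracked as two unrelated one-way flows, so a stream-based logger such as http-log never sees a complete request and response for it.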
Updated by Victor Julien about 5 years ago
- Status changed from New to Closed
- Assignee deleted (Anonymous)
- Target version deleted (Support)