Support #2396
closed
I enabled http-log setting, but got an empty http-log.log
Added by wangtao wang over 6 years ago.
Updated about 5 years ago.
Description
My suricata.yml file is here.
The network foundation is like this:
and I run the cmd like this:
./suricata -i eth3
- Assignee set to Anonymous
- Target version set to Support
What version are you running?
Can you provide a .pcap with some testing traffic?
Without more details it's hard to tell what the issue may be.
Andreas Herz wrote:
What version are you running?
Can you provide a .pcap with some testing traffic?
Without more details it's hard to tell what the issue may be.
Suricata 4.0.3
The testing traffic file is here.
Suricata's detailed configuration is like this
Andreas Herz wrote:
What version are you running?
Can you provide a .pcap with some testing traffic?
Without more details it's hard to tell what the issue may be.
There is a configuration about vlan:
# This option controls the use of vlan ids in the flow (and defrag)
# hashing. Normally this should be enabled, but in some (broken)
# setups where both sides of a flow are not tagged with the same vlan
# tag, we can ignore the vlan id's in the flow hashing.
vlan:
  use-for-tracking: false
When I set use-for-tracking to false, the http-log works!
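A simplified model of the flow hashing that the quoted suricata.yaml comment describes, added here as an illustration and not taken from the thread or from Suricata's source: it shows how a request tagged with one VLAN ID and an untagged response land in two one-directional flows until the VLAN ID is left out of the flow key. The addresses, ports, VLAN 100 and all function names are constructed for the example.

```python
import struct
from collections import defaultdict

def frame(vlan, src, dst, sport, dport):
    """Constructed Ethernet/IPv4/TCP headers; vlan=None means untagged."""
    tag = b"" if vlan is None else struct.pack("!HH", 0x8100, vlan & 0x0FFF)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0, src, dst)
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 1024, 0, 0)
    return b"\x02" * 12 + tag + struct.pack("!H", 0x0800) + ip + tcp

def parse(raw):
    """Return (vlan_id, src, dst, sport, dport); untagged frames get VLAN 0."""
    (ethertype,) = struct.unpack_from("!H", raw, 12)
    vlan, off = 0, 14
    if ethertype == 0x8100:                      # 802.1Q tag present
        tci, ethertype = struct.unpack_from("!HH", raw, 14)
        vlan, off = tci & 0x0FFF, 18
    if ethertype != 0x0800 or raw[off + 9] != 6:
        raise ValueError("model handles IPv4/TCP only")
    ihl = (raw[off] & 0x0F) * 4
    sport, dport = struct.unpack_from("!HH", raw, off + ihl)
    return vlan, raw[off + 12:off + 16], raw[off + 16:off + 20], sport, dport

def flow_table(frames, use_for_tracking):
    """Map flow key -> set of senders seen (assumed model, not Suricata's code)."""
    flows = defaultdict(set)
    for raw in frames:
        vlan, src, dst, sport, dport = parse(raw)
        a, b = (src, sport), (dst, dport)
        key = (min(a, b), max(a, b)) + ((vlan,) if use_for_tracking else ())
        flows[key].add(a)
    return flows

def bidirectional(frames, use_for_tracking):
    """Count flows in which both endpoints were seen sending."""
    table = flow_table(frames, use_for_tracking)
    return sum(1 for senders in table.values() if len(senders) == 2)

# Constructed sample: request tagged VLAN 100, response arrives untagged.
CLIENT, SERVER = bytes([10, 0, 0, 5]), bytes([10, 0, 0, 80])
SAMPLE = [frame(100, CLIENT, SERVER, 40000, 80),
          frame(None, SERVER, CLIENT, 80, 40000),
          frame(100, CLIENT, SERVER, 40000, 80)]

if __name__ == "__main__":
    for setting in (True, False):
        print("use-for-tracking:", setting,
              "flows:", len(flow_table(SAMPLE, setting)),
              "bidirectional:", bidirectional(SAMPLE, setting))
```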
So it's solved for you now?
- Status changed from New to Closed
- Assignee deleted (Anonymous)
- Target version deleted (Support)