Feature #266: log http raw request for network forensic

Added by delta yeh over 15 years ago. Updated almost 3 years ago.

Status: New
Priority: Normal
Target version: (none)
Effort: medium
Difficulty: medium
Label: (none)

Description

It would be great if Suricata could log raw HTTP traffic for network forensic audit: each HTTP request and response in a file (response body can be optional).
The ModSecurity audit log is a good reference: http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/modsecurity2-data-formats.html#N10269

Updated by Victor Julien over 15 years ago (#1)

  • Target version set to TBD

I certainly can see this being useful. However I don't foresee having the dev resources for it any time soon.

Community input (patches!) is very welcome here.

Updated by Victor Julien over 15 years ago (#2)

  • Assignee set to Anonymous

Updated by Sangkyun Noh almost 15 years ago (#3)

  • Assignee changed from Anonymous to Sangkyun Noh

Updated by Victor Julien almost 8 years ago (#4)

  • Effort set to medium
  • Difficulty set to medium

Updated by Victor Julien over 6 years ago (#5)

  • Assignee changed from Sangkyun Noh to Community Ticket

Updated by Philippe Antoine almost 3 years ago (#6)

I feel this is achieved with pcap conditional logging (https://github.com/OISF/suricata/pull/7430), is it not?

Updated by Victor Julien almost 3 years ago (#7)

I think this is more about a human readable log / stream of raw http data.