Actions
Feature #266
openlog http raw request for network forensic
Effort:
medium
Difficulty:
medium
Label:
Description
It would be great that suricata can log raw http traffic for network forensic audit.
each http request and response in a file (response body can be optional).
Modsecurity audit log is a good reference: http://www.modsecurity.org/documentation/modsecurity-apache/2.5.12/modsecurity2-data-formats.html#N10269
Updated by Victor Julien over 13 years ago
- Target version set to TBD
I certainly can see this being useful. However I don't foresee having the dev resources for it any time soon.
Community input (patches!) is very welcome here.
Updated by Sangkyun Noh almost 13 years ago
- Assignee changed from Anonymous to Sangkyun Noh
Updated by Victor Julien almost 6 years ago
- Effort set to medium
- Difficulty set to medium
Updated by Victor Julien over 4 years ago
- Assignee changed from Sangkyun Noh to Community Ticket
Updated by Philippe Antoine 9 months ago
I feel this is achieved with pcap conditional logging https://github.com/OISF/suricata/pull/7430 is it not ?
Updated by Victor Julien 9 months ago
I think this is more about a human readable log / stream of raw http data.
Actions