https://redmine.openinfosecfoundation.org/https://redmine.openinfosecfoundation.org/favicon.ico?17011170022019-01-14T12:56:09ZOpen Information Security FoundationSuricata - Support #2768: Some HTTP events are not written to EVE filehttps://redmine.openinfosecfoundation.org/issues/2768?journal_id=107692019-01-14T12:56:09ZVictor Julienvictor@inliniac.net
<ul><li><strong>Priority</strong> changed from <i>Urgent</i> to <i>Normal</i></li></ul><p>Not all packets contain the VLAN tags, so Suricata sees multiple flows. If possible, find out why the traffic is only partly tagged. A work around in Suricata is to disable vlan tracking:</p>
<pre>
vlan:
use-for-tracking: false
</pre>
<p>Or on the commandline: "--set vlan.use-for-tracking=false".</p> Suricata - Support #2768: Some HTTP events are not written to EVE filehttps://redmine.openinfosecfoundation.org/issues/2768?journal_id=107712019-01-14T13:17:05ZMichael Molho
<ul></ul><p>Thank you very much Victor ! I've just tested the workaround and it works perfectly !</p> Suricata - Support #2768: Some HTTP events are not written to EVE filehttps://redmine.openinfosecfoundation.org/issues/2768?journal_id=107722019-01-14T13:20:33ZVictor Julienvictor@inliniac.net
<ul><li><strong>Status</strong> changed from <i>New</i> to <i>Closed</i></li></ul><p>Great, thanks for reporting back.</p>