Add libhtp event for every htp_log() that needs an event.
This support would come from libhtp and suricata's http event engine
would be updated to fully support libhtp's flag based event event engine.
Updated by Philippe Antoine over 4 years ago
Here are the interesting log messages for which there are no events
"Request buffer over the limit: size %zd limit %zd."
"Response buffer over the limit: size %zd limit %zd."
"C-T multipart/byteranges in responses not supported"
"Transfer-encoding has abnormal chunked value"
"Chunked transfer-encoding on HTTP/0.9 or HTTP/1.0"
"Invalid response line: invalid protocol"
"Invalid response line: invalid response status %d."
"Request line incomplete"
In addition to that,
There is a message in libhtp which I think is dead code in htp_transaction.c
"[Internal Error] Invalid tx->response_content_encoding_processing value: %d"
And there are log messages which result from a wrong use of libhtp and are not reached by Suricata.
Should I go and create the Suricata events for the first list ?