Open Information Security Foundation

02/10/2017

02:04 PM Suricata Support #1900: Field http.hostname not being parsed out correctly.

What version is this flag added to be used? Josh Lane

10/10/2016

10:59 AM Suricata Support #1900: Field http.hostname not being parsed out correctly.

We have both a working and a non-working pcap after the changes. Any ideas why one works and one is broken? Both we... Josh Lane

10/07/2016

03:06 PM Suricata Support #1900: Field http.hostname not being parsed out correctly.

We've disabled the lro and gro offload on the interfaces and will capture new pcap for validation this is fixed. Wil... Josh Lane

09/27/2016

09:44 AM Suricata Support #1900: Field http.hostname not being parsed out correctly.

I've retested with the ethtool changes provided, restarting Suricata 3.1.2 and the result is no http.hostname content... Josh Lane

07:45 AM Suricata Support #1900: Field http.hostname not being parsed out correctly.

I've run the commands provided for the interface and retested but still have the same behavior, no content in http.ho... Josh Lane

09/26/2016

04:55 PM Suricata Support #1900: Field http.hostname not being parsed out correctly.

Andreas Herz wrote:
> How do you run suricata exactly and how does your setup look like?
> Peter couldn't reproduce... Josh Lane

03:13 PM Suricata Support #1900 (Closed): Field http.hostname not being parsed out correctly.

Seeing an issue with Suricata 3.1.1 & 3.1.2 where the HTTP URL, Method, Protocol, etc and all parsed into fields, but... Josh Lane

08/08/2016

07:32 AM Suricata Bug #1857: Extra character in alert signature msg in Suricata 3.0.1

Is this issue specific to CS rules or all rules for this particular bug? Josh Lane

08/02/2016

03:03 PM Suricata Bug #1857 (Closed): Extra character in alert signature msg in Suricata 3.0.1

Verified the rule file has the msg field set as follows:
*alert tcp $HOME_NET any -> any any (msg: "CrowdStrike M... Josh Lane