Comments on IT Security through Open Source : Suricata IDS/IPS - HTTP custom header logging
Feed author: Pevma
Feed updated: 2022-01-30T05:32:52.836-08:00
12 comments, newest first

Pevma, 2014-12-17T06:34:17.759-08:00
Ok. Then I would suggest asking that question on our OISF mailing list. I am sure you will get a lot more help there from that point of view.
https://lists.openinfosecfoundation.org/mailman/listinfo

挖土, 2014-12-16T18:08:35.351-08:00
Dear Peter
I know those web sites, but that is not what I mean; I mean getting the POST data through Suricata and saving the POST data to eve.log. Can you clearly understand?

Pevma, 2014-12-16T02:01:03.702-08:00
I think those three would be a good start for Python/JSON and would give you an idea:
https://simplejson.readthedocs.org/en/latest/
https://docs.python.org/2/library/json.html
http://pymotw.com/2/json/

挖土, 2014-12-15T19:28:51.530-08:00
Java or Python is ok

Pevma, 2014-12-15T03:01:43.798-08:00
It is a standard JSON format, so this depends on the script/transport that you would want to use. What kind of script/language are you using: Java/Python/Perl...?

挖土, 2014-12-14T19:14:48.787-08:00
Yes, you are correct!!

Pevma, 2014-12-12T07:31:34.015-08:00
You want to write POST data to eve.log, correct?

挖土, 2014-12-11T23:34:48.781-08:00
Oh.. no... I can't describe it more clearly. If you have a POST request, the POST data can't currently be seen in eve.log (for example, this POST data: "name=Professional%20Ajax&publisher=Wiley"). My question is what to do about that so that I can see the POST data in eve.log. If it is still not clear, I want to say "Thank you very much!"

Pevma, 2014-12-11T10:46:33.131-08:00
Again - not clearly understanding what your question is. Maybe you could do a quick "grep" and see an example output, or just click on an http record in the Kibana dashboard and see all the fields available and their data.

挖土, 2014-12-10T19:14:18.209-08:00
Example POST request:

POST / HTTP/1.1
Host: www.xx.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.6) Gecko/20050225 Firefox/1.0.1
Content-Type: application/x-www-form-urlencoded
Content-Length: 40
Connection: Keep-Alive

name=Professional%20Ajax&publisher=Wiley

What I mean is to store the data "name=Professional%20Ajax&publisher=Wiley" in the eve.log file as JSON.

Pevma, 2014-12-10T15:18:21.675-08:00
I am not sure I understand your question?

挖土, 2014-12-09T19:42:48.895-08:00
Dear all
I have a question. I want to output POST data to the eve.log file, but I didn't find where I can configure the policy. Can you help me? Thx