system version
suricata build info
build-info.log (3.9 KB)
The problem is that the http traffic can be captured on the p2p2 network card, but suricata has no http logs:
21suricata.yaml (78.6 KB)
stats.log (193.2 KB)
You can see that there is no http flow log, but there is a dns log
Who can answer the following
I’m not able to recreate your issue using Suricata 7.0.6
I added this snippet to the output section of suricata.yaml and HTTP events were properly written to http.eve.json
# Extensible Event Format (nicknamed EVE) event log in JSON format
- eve-log:
enabled: yes
filetype: regular #regular|syslog|unix_dgram|unix_stream|redis
filename: http.eve.json
types:
- http:
extended: yes # enable this for extended logging information
# custom allows additional HTTP fields to be included in eve-log.
# the example below adds three additional fields when uncommented
custom: [Accept-Encoding, Accept-Language, Authorization]
# set this value to one and only one from {both, request, response}
# to dump all HTTP headers for every HTTP request and/or response
# dump-all-headers: none