[Bro-Dev] [JIRA] (BIT-1179) HTTP messages missing in files.log

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Thu Apr 10 09:08:07 PDT 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1179?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16114#comment-16114 ] 

Seth Hall commented on BIT-1179:
--------------------------------

This has been a long standing issue that we've always kind of deferred on so we just left the HTTP analyzer as one that can't tolerate packet loss.  We've discussed some ways of making this "re-synchronization" support a general concept in binpac++ which probably makes the most sense.  I'm really not sure there is much point in dumping lots of time in dealing with the current http analyzer since the analyzer has had this behavior for a long time.  That said, if it's an easy change and unlikely to break stuff too badly it would then make sense to do it. :P

If we changed this, it's possible that we'd have to revisit the base http scripts too to make sure they can cope with re-synchronization appropriately.

> HTTP messages missing in files.log
> ----------------------------------
>
>                 Key: BIT-1179
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1179
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>            Reporter: Robin Sommer
>            Assignee: Jon Siwek
>             Fix For: 2.3
>
>
> I have a trace with multiple HTTP requests inside a persistent HTTP session. for which only the first two appear in files.log, the remaining ones are missing. Looks like a bug. 



--
This message was sent by Atlassian JIRA
(v6.3-OD-02-026#6318)


More information about the bro-dev mailing list