[Bro] http.log q.
Dk Jack
dnj0496 at gmail.com
Wed Jan 10 14:49:46 PST 2018
Hi,
In a cluster environment, in the HTTP log, for the same connection-id i.e
same 4-tuple and UID, is it ok if the transaction depth field value is
lower than the ten-depth of some of the lines that came before it? for
example, I am seeing txns as shown below...
1515542375.578187 CGR1kN3pynC8a3GXK1 10.20.11.1 7867 10.20.11.120 9453
79 POST ...
1515542387.701328 CGR1kN3pynC8a3GXK1 10.20.11.1 7867 10.20.11.120 9453
90 POST ...
1515542354.674611 CGR1kN3pynC8a3GXK1 10.20.11.1 7867 10.20.11.120 9453
55 POST ...
1515542382.015911 CGR1kN3pynC8a3GXK1 10.20.11.1 7867 10.20.11.120 9453
85 POST ...
Is this normal? What is the explanation. Thanks.
Dk.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180110/abe770fd/attachment.html
More information about the Bro
mailing list