[Bro] Missing or "localhost" host field in bro http logs

Federico Foschini undicizeri at gmail.com
Wed Jul 25 09:04:09 PDT 2018


Hello,
I notice that sometimes the field host in a bro-http log is missing or
contains localhost as a value.
How is that possible?

This is an example of a log with localhost as host:

http.11:00:00-12:00:00.bak.gz:{"ts":"2018-07-25T11:39:09.440378Z","uid":"CZDkyn2xwPRU17Qm9g","id_orig_h":"198.134.154.227","id_orig_p":49558,"id_resp_h":"192.168.237.29","id_resp_p":8081,"trans_depth":3,"method":"GET","host":"localhost","uri":"/ospos/index.php/login","version":"1.1","user_agent":"Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0","request_body_len":0,"response_body_len":0,"status_code":500,"status_msg":"Internal Server Error","tags":[]}

In this one the host is missing:

http.12:00:00-13:00:00.bak.gz:{"ts":"2018-07-25T12:09:31.955600Z","uid":"CERXcsevwbBQrqWDf","id_orig_h":"192.168.235.47","id_orig_p":57326,"id_resp_h":"192.168.50.201","id_resp_p":80,"trans_depth":2,"request_body_len":0,"response_body_len":0,"tags":[]}

Is that a normal behavior?
Thanks
-- 
Federico Foschini.
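
An added example, not part of the original post and not Bro's own code: a small triage script that sorts JSON http log records like the two quoted above by what the host field holds and whether any request fields were logged at all. The sample lines are constructed (the quoted records shortened, plus one made-up normal record), and the function names and labels are hypothetical.

```python
import json

# Constructed sample: the two quoted records, shortened, plus one made-up normal record.
SAMPLE = [
    'http.11:00:00-12:00:00.bak.gz:{"ts":"2018-07-25T11:39:09.440378Z","uid":"CZDkyn2xwPRU17Qm9g","trans_depth":3,"method":"GET","host":"localhost","uri":"/ospos/index.php/login","status_code":500,"tags":[]}',
    'http.12:00:00-13:00:00.bak.gz:{"ts":"2018-07-25T12:09:31.955600Z","uid":"CERXcsevwbBQrqWDf","trans_depth":2,"request_body_len":0,"response_body_len":0,"tags":[]}',
    '{"ts":"2018-07-25T12:10:00.000000Z","uid":"Cconstructed0001","method":"GET","host":"www.example.com","uri":"/","status_code":200,"tags":[]}',
]

LOOPBACK = {"localhost", "127.0.0.1", "[::1]"}
REQUEST_FIELDS = ("method", "uri", "user_agent")  # fields taken from the request

def parse_line(line):
    """Skip a grep-style 'filename:' prefix, then decode the JSON record."""
    start = line.find("{")
    if start < 0:
        return None
    try:
        return json.loads(line[start:])
    except json.JSONDecodeError:
        return None

def host_name(host):
    """Lower-case the value and drop a trailing :port, keeping [v6] literals whole."""
    host = host.strip().lower()
    if host.startswith("["):
        return host[: host.find("]") + 1]
    return host.split(":", 1)[0]

def classify(rec):
    """Hypothetical labels describing only what the record itself shows."""
    host = rec.get("host")
    if host is None:
        if any(f in rec for f in REQUEST_FIELDS):
            return "request-without-host"
        return "no-request-fields"
    return "loopback-host" if host_name(host) in LOOPBACK else "ok"

def triage(lines):
    """Return (uid, label) for every line that decodes as a JSON record."""
    out = []
    for line in lines:
        rec = parse_line(line)
        if rec is not None:
            out.append((rec.get("uid"), classify(rec)))
    return out

if __name__ == "__main__":
    for uid, label in triage(SAMPLE):
        print(uid, label)
```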