[Zeek] Missing request body
Yi Zhu
yizhu at shapesecurity.com
Thu Jan 16 15:33:30 PST 2020
Hi,
I found zeek are missing request bodies in my testing setup.
Could you please help with it?
I am testing with one testing client, one testing server and one zeek
server.
Zeek server runs version 3.0.0 with pfring and 8 workers.
For example, if I send 10000 testing requests, zeek can get 10000 records.
But, around 100 records do not have request bodies. And the request body
length is 0.
I run tcpdump against the mirroring interface.
The request bodies are in the tcpdump logs. Also I can see the
content_length is 28 which matches my testing requests.
Thanks,
Yi
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/zeek/attachments/20200116/d487132e/attachment.html
More information about the Zeek
mailing list