[Zeek] Missing request body

Justin Azoff justin at corelight.com
Fri Jan 17 06:12:14 PST 2020


What do the corresponding conn.log records for these connections look like?

On Thu, Jan 16, 2020 at 6:41 PM Yi Zhu <yizhu at shapesecurity.com> wrote:

> Hi,
>
> I found Zeek is missing request bodies in my testing setup.
> Could you please help with it?
>
> I am testing with one testing client, one testing server and one Zeek
> server.
> The Zeek server runs version 3.0.0 with pfring and 8 workers.
> For example, if I send 10000 testing requests, Zeek can get 10000 records.
> But, around 100 records do not have request bodies. And the request body
> length is 0.
> I run tcpdump against the mirroring interface.
> The request bodies are in the tcpdump logs. Also I can see the
> content_length is 28 which matches my testing requests.
>
> Thanks,
> Yi



-- 
Justin