Feature #1191
open
EVE log does not support customformat
Description
HTTP logging with EVE log does not support the customformat tag. It would be beneficial to have consistent features between EVE logging and regular http-log, which does support the customformat tag.
This is similar to #1150, where tls.store cannot be used with EVE log.
Updated by Victor Julien over 10 years ago
Does this do what you need? https://github.com/inliniac/suricata/pull/956
It allows for extra logging of http headers, although it's limited to a hardcoded list currently: https://github.com/inliniac/suricata/pull/956/files#diff-544ba33b2a4e8950a3c135a9717f319dR130
Updated by Paul Gofran over 10 years ago
A few things that we would like to see in addition to this are some of the things identified in #602:
Cookie parsing: ex "%{Foobar}C"
Max length: ex: "%[100]{Referer}i"
Also I did not see User-Agent in this list.
If HTTP_FIELD_SIZE could be broken up into request size and response size that would also be helpful.
Updated by Victor Julien over 10 years ago
- Tracker changed from Bug to Feature
UA is printed to the log by default. On the rest: sensible requests :)
Updated by Andreas Herz almost 9 years ago
- Assignee set to OISF Dev
- Target version set to TBD
Updated by Victor Julien over 6 years ago
- Assignee changed from OISF Dev to Anonymous
- Effort set to low
- Difficulty set to medium