Working with IDS/IPS Suricata fundamentals

Hi - second question in Suricata Fundamentals - I have changed the yaml file to enable http-log and run suricata as asked:

suricata -r /home/htb-student/pcaps/suspicious.pcap

http.log appears … surely, by the way the question is phrased, the answer should be in this file … but there is only one .php file and it is not correct.

Any help much appreciated

So I have the entire module except for this answer lol!

I have gone over it every way possible and the only .php address is
http://adv.epostoday.uk/app.php

and this does not work

Please can any one point out what I am doing wrong?

The answer is just the “requested page”.
I got the right answer after reading the question several times :grinning:

Hi - thanks for your help but I’m not sure what you mean? Obviously the answer is not: requested_page.php

The question tells you that the answer is the requested php page so I’m not quite sure what you mean

Any help much appreciated!

The answer is just the tail; no need to write the full website name.

I got it, but I swear I tried that a load of times before! Thanks for your time!


I used this after using suricata: cat eve.json | grep .php
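As an added example (not code from the thread or from the Suricata project), here is a small Python script that does what the grep above does, but against the structured fields of eve.json instead of raw text: it keeps only `event_type: http` records and reads `http.hostname` and `http.url`, which are the fields Suricata's EVE HTTP logging populates. Filtering on the URL path avoids false matches when "php" appears in a user agent, a DNS name or a fileinfo record, and it returns just the "tail" (the requested page) as the replies above suggest. The sample log lines are constructed for this example and are not taken from the module's pcap; hostnames and timestamps are invented.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of eve.json lines (one JSON object per line, as Suricata writes them).
# These are NOT events from the pcap discussed in the thread; hosts and IPs are invented.
SAMPLE_EVE = r"""
{"timestamp":"2021-01-01T10:00:00.000000+0000","event_type":"dns","src_ip":"10.0.0.5","dns":{"type":"query","rrname":"update.example.test"}}
{"timestamp":"2021-01-01T10:00:01.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.10","http":{"hostname":"update.example.test","url":"/app.php?id=7","http_method":"GET","status":200}}
{"timestamp":"2021-01-01T10:00:02.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.20","http":{"hostname":"cdn.example.test","url":"/static/logo.png","http_method":"GET","http_user_agent":"Mozilla/5.0 PHP-probe"}}
{"timestamp":"2021-01-01T10:00:03.000000+0000","event_type":"fileinfo","fileinfo":{"filename":"/notes.php.txt","size":12}}
{"timestamp":"2021-01-01T10:00:04.000000+0000","event_type":"http","src_ip":"10.0.0.5","dest_ip":"203.0.113.30","http":{"hostname":"portal.example.test","url":"/admin/index.php","http_method":"POST","status":302}}
"""


def http_requests(eve_text):
    """Yield (hostname, url) for every HTTP event in EVE JSON text.

    Non-HTTP events (dns, alert, fileinfo, ...) are skipped, and a malformed
    line (eve.json is often truncated mid-write) is ignored rather than
    aborting the whole parse.
    """
    requests = []
    for line in eve_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # partial/corrupt line: skip it
        if event.get("event_type") != "http":
            continue
        http = event.get("http", {})
        requests.append((http.get("hostname", ""), http.get("url", "")))
    return requests


def requested_pages(eve_text, suffix=".php"):
    """Return (hostname, path) for requests whose URL path ends with `suffix`.

    eve's http.url holds the request-URI (path plus any query string), so the
    query string is stripped before comparing the extension.
    """
    pages = []
    for host, url in http_requests(eve_text):
        path = urlsplit(url).path
        if path.lower().endswith(suffix):
            pages.append((host, path))
    return pages


def page_names(eve_text, suffix=".php"):
    """Just the last path component, i.e. the 'requested page' without the site."""
    return [path.rsplit("/", 1)[-1] for _, path in requested_pages(eve_text, suffix)]


if __name__ == "__main__":
    # Against a real run: open("eve.json").read() after `suricata -r <pcap>`.
    for host, path in requested_pages(SAMPLE_EVE):
        print(f"{host}{path}")
    print(page_names(SAMPLE_EVE))
```

Note that `grep .php` treats the dot as "any character", so on the constructed sample it would also match the `PHP-probe` user agent line and the `.php.txt` fileinfo record; the field-based filter above returns only the two real `.php` requests.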