httpry is going to be logging all HTTP traffic on every monitored interface and httpry_agent is going to be inserting those HTTP logs into the MySQL database so they can be queried in Sguil and SQueRT. This may increase the load on your sensors and/or MySQL server.
Existing Security Onion users can perform an in-place upgrade using the following command (if you're behind a proxy, remember to set your proxy variables as described in the FAQ):
sudo -i "curl -L http://sourceforge.net/projects/security-onion/files/security-onion-upgrade.sh > ~/security-onion-upgrade.sh && bash ~/security-onion-upgrade.sh"
If you're responding to an incident for an IP address, search for the IP and you'll see the httpry events are prefixed with "URL".
Clicking on a URL event will show further information in the Detail pane.
Right-clicking on the Alert ID allows you to pull the entire transcript.
SQueRT has an httpry search that will show all httpry logs.
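The same pivot on an IP address can be done offline against a raw httpry log file. This is an added example, not part of the original post or of Security Onion's code. It assumes httpry's default tab-delimited field order; the sample log lines and every function name in it are constructed for illustration.

```python
from collections import Counter

# httpry's default field order. Assumption: the sensor uses the default format;
# a "# Fields:" header line in the log, if present, overrides this list.
DEFAULT_FIELDS = ["timestamp", "source-ip", "dest-ip", "direction", "method",
                  "host", "request-uri", "http-version", "status-code",
                  "reason-phrase"]

# Constructed sample log (tab-delimited); every address and host is made up.
SAMPLE_LOG = "\n".join([
    "# Fields: " + ",".join(DEFAULT_FIELDS),
    "2012-01-10 14:05:23\t192.0.2.10\t198.51.100.7\t>\tGET\twww.example.com\t/index.html\tHTTP/1.1\t-\t-",
    "2012-01-10 14:05:23\t198.51.100.7\t192.0.2.10\t<\t-\t-\t-\tHTTP/1.1\t200\tOK",
    "2012-01-10 14:06:01\t192.0.2.10\t203.0.113.5\t>\tPOST\tupdates.example.net\t/check.php\tHTTP/1.1\t-\t-",
    "2012-01-10 14:06:31\t192.0.2.10\t203.0.113.5\t>\tPOST\tupdates.example.net\t/check.php\tHTTP/1.1\t-\t-",
    "2012-01-10 14:06:35\t192.0.2.22\t198.51.100.7\t>\tGET\twww.example.com\t/about.html\tHTTP/1.1\t-\t-",
    "2012-01-10 14:06:40\t192.0.2.10\t203.0.113.5\t>",  # truncated record
])


def parse_httpry(text):
    """Yield one dict per well-formed record, keyed by httpry field name."""
    fields = DEFAULT_FIELDS
    for line in text.splitlines():
        if line.startswith("# Fields:"):
            fields = [f.strip() for f in line.split(":", 1)[1].split(",")]
        elif line.strip() and not line.startswith("#"):
            values = line.split("\t")
            if len(values) == len(fields):  # skip truncated lines, don't guess
                yield dict(zip(fields, values))


def requests_for_ip(records, ip):
    """Client requests ('>' direction) with ip as source or destination."""
    return [r for r in records
            if r["direction"] == ">" and ip in (r["source-ip"], r["dest-ip"])]


def summarize(requests):
    """Count requests per 'METHOD host/uri' so repeated fetches stand out."""
    return Counter(f'{r["method"]} {r["host"]}{r["request-uri"]}'
                   for r in requests)


if __name__ == "__main__":
    hits = requests_for_ip(parse_httpry(SAMPLE_LOG), "192.0.2.10")
    for url, count in summarize(hits).most_common():
        print(f"{count:3d}  {url}")
```

If a sensor runs httpry with a custom format string, the field list read from the log's `# Fields:` header takes precedence over the default order.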