[Bro] New to Bro... Question about recording HTTP User Agents

Greg King gking at va-kings.com
Sat Dec 12 04:17:40 PST 2009


I am new to bro  and am basically experimenting to see if I can use it to record various HTTP headers and URIs as they transit a network gateway. Right now I am trying to see if I am experimenting with:

bro -r "favorite pcap file" tcp   and 
bro -r "favorite pcap file" http

to make sure I now what gets recorded in the logs with some of the default policy files.  I notice that conn.log gets built just fine when I run the above but I don't seem to get anything in http.log

Any ideas?

Thanks much,


More information about the Bro mailing list