[Bro] Filenames not extracted in files.log
Charles A. Fair
charles.fair at mac.com
Tue Apr 29 19:42:20 PDT 2014
The file analysis framework does not annotate the original file names as I understand it. I am not sure why this is. What it does do is assign a Unique File ID to each file that can be used to search across different Bro logs.
On Apr 29, 2014, at 5:49 PM, Bob Probert <bruisebrotherprobert at gmail.com> wrote:
> Hi all,
> After looking at an aggregate 30 days of files.log in Splunk, I noticed that 98% of the files identified by Bro have no filenames associated with them.
> While I haven't done any rigorous testing of this, it just seems wrong. Is this a known bug? Is anyone else experiencing this?
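One way to put the Unique File ID to use for the cross-log search described above, as an added example that is not code from this thread or from the Bro project: it joins files.log to http.log on the fuid (Bro 2.x column names, `resp_fuids` and `uri` in http.log, `filename` in files.log) and, when files.log carries no filename, falls back to the last path component of the request URI. The log lines are constructed samples.

```python
import posixpath
from urllib.parse import urlsplit

# Constructed sample logs in Bro's tab-separated format ('-' means unset).
FILES_LOG = """#fields\tts\tfuid\ttx_hosts\trx_hosts\tconn_uids\tsource\tmime_type\tfilename
1398822000.1\tFa1b2c3d4e5f\t203.0.113.10\t192.0.2.20\tCxYz123\tHTTP\tapplication/x-dosexec\t-
1398822001.2\tFq9w8e7r6t5y\t203.0.113.11\t192.0.2.21\tCabc456\tHTTP\ttext/html\t-
1398822002.3\tFzx1c2v3b4n5\t203.0.113.12\t192.0.2.22\tCdef789\tSMTP\tapplication/pdf\tinvoice.pdf
"""
HTTP_LOG = """#fields\tts\tuid\tid.orig_h\tid.resp_h\thost\turi\torig_fuids\tresp_fuids
1398822000.1\tCxYz123\t192.0.2.20\t203.0.113.10\texample.test\t/downloads/update.exe\t-\tFa1b2c3d4e5f
1398822001.2\tCabc456\t192.0.2.21\t203.0.113.11\texample.test\t/\t-\tFq9w8e7r6t5y
"""


def parse_bro_log(text):
    """Parse a Bro TSV log into dicts keyed by the #fields header; '-' becomes None."""
    fields, records = [], []
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line.startswith("#") or not line.strip():
            continue
        else:
            values = line.split("\t")
            records.append({f: (None if v == "-" else v) for f, v in zip(fields, values)})
    return records


def filenames_by_fuid(files_text, http_text):
    """Map fuid -> (filename, where it came from, mime_type), filling gaps from http.log."""
    files = {r["fuid"]: r for r in parse_bro_log(files_text)}
    http_by_fuid = {}
    for r in parse_bro_log(http_text):
        # resp_fuids is a comma-separated vector; one HTTP response may carry several files.
        for fuid in (r.get("resp_fuids") or "").split(","):
            if fuid:
                http_by_fuid[fuid] = r
    result = {}
    for fuid, rec in files.items():
        name, origin = rec["filename"], "files.log"
        if name is None:
            origin = "none"
            if fuid in http_by_fuid:
                # Fall back to the URI's last path component; "/" yields nothing.
                name = posixpath.basename(urlsplit(http_by_fuid[fuid]["uri"] or "").path) or None
                origin = "http.log uri" if name else "none"
        result[fuid] = (name, origin, rec["mime_type"])
    return result
```

Running this over real logs is a cheap way to see how many of the "no filename" rows are HTTP transfers whose name is recoverable from the URI versus responses with no usable path at all.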