[Bro] Filenames not extracted in files.log

Charles A. Fair charles.fair at mac.com
Tue Apr 29 19:42:20 PDT 2014


The file analysis framework does not annotate the original file names as I understand it.  I am not sure why this is.  What it does do is assign a Unique File ID to each file that can be used to search across different Bro logs.  

Chuck 


On Apr 29, 2014, at 5:49 PM, Bob Probert <bruisebrotherprobert at gmail.com> wrote:

> Hi all,
> 
> After looking at an aggregate 30 days of files.log in Splunk, I noticed that 98% of the files identified by Bro have no filenames associated with them. 
> 
> While I haven't done any rigorous testing of this, it just seems wrong. Is this a known bug? Is anyone else experiencing this?
> 
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
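The fuid join Chuck describes above, as an added example written for this page rather than code from the post or from the Bro project: a Python script that parses Bro's tab-separated ASCII logs, keeps the filename from files.log when one is present, and otherwise follows the fuid into http.log's resp_fuids/orig_fuids columns to recover a name from the Content-Disposition filename or, failing that, the last path segment of the URI. The trimmed #fields headers and the sample rows are constructed for the example and are assumed to match the Bro 2.2-era log layout ("-" for unset, comma-separated set fields).

```python
"""Join Bro files.log against http.log on fuid to recover a filename.

Added example; not code from the mailing-list post or from Bro.
Assumption: Bro ASCII logs with a #fields header, tab separators,
"-" for unset fields, and an http.log that carries resp_fuids/orig_fuids
referencing files.log's fuid. The sample log text below is constructed.
"""
import posixpath
from urllib.parse import unquote, urlsplit

UNSET = "-"

# Constructed files.log excerpt (trimmed to a few fields).
FILES_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tfuid\tconn_uids\tsource\tmime_type\tfilename",
    "#types\tstring\tset[string]\tstring\tstring\tstring",
    "FaBcD1\tCxYz1\tHTTP\tapplication/x-dosexec\t-",
    "FeFgH2\tCxYz2\tHTTP\tapplication/pdf\treport.pdf",
    "FiJkL3\tCxYz3\tHTTP\ttext/html\t-",
    "FmNoP4\tCxYz4\tSMTP\tapplication/zip\t-",
])

# Constructed http.log excerpt; FmNoP4 came from SMTP so it has no row here.
HTTP_LOG = "\n".join([
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tmethod\thost\turi\tfilename\torig_fuids\tresp_fuids",
    "#types\ttime\tstring\taddr\taddr\tstring\tstring\tstring\tstring\tvector[string]\tvector[string]",
    "1398800000.1\tCxYz1\t10.0.0.5\t203.0.113.7\tGET\tdl.example\t/dl/setup%20tool.exe\t-\t-\tFaBcD1",
    "1398800001.2\tCxYz2\t10.0.0.5\t203.0.113.8\tGET\tdocs.example\t/reports/q1\treport.pdf\t-\tFeFgH2",
    "1398800002.3\tCxYz3\t10.0.0.5\t203.0.113.9\tGET\twww.example\t/\t-\t-\tFiJkL3",
])


def parse_bro_log(text):
    """Parse Bro ASCII log text into dicts keyed by the #fields column names."""
    fields = None
    rows = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields"):
                fields = line.split("\t")[1:]
            continue  # #separator, #types, #close, ... carry no rows
        if fields is None:
            raise ValueError("data row before #fields header")
        vals = line.split("\t")
        if len(vals) != len(fields):
            raise ValueError("field count mismatch in line: %r" % line)
        rows.append(dict(zip(fields, vals)))
    return rows


def split_set(value):
    """Set/vector fields are comma separated; '-' means unset."""
    if value in (UNSET, ""):
        return []
    return value.split(",")


def name_from_uri(uri):
    """Last path segment of the request URI, percent-decoded; None if empty."""
    if uri in (UNSET, ""):
        return None
    base = posixpath.basename(unquote(urlsplit(uri).path))
    return base or None


def resolve_filenames(files_text, http_text):
    """Map fuid -> (filename or None, which log supplied it)."""
    by_fuid = {}
    for h in parse_bro_log(http_text):
        for f in split_set(h.get("resp_fuids", UNSET)) + split_set(h.get("orig_fuids", UNSET)):
            by_fuid[f] = h
    resolved = {}
    for r in parse_bro_log(files_text):
        fuid = r["fuid"]
        name = r.get("filename", UNSET)
        if name not in (UNSET, ""):
            resolved[fuid] = (name, "files.log")  # framework already had a name
            continue
        h = by_fuid.get(fuid)
        if h is None:
            resolved[fuid] = (None, "unresolved")  # no HTTP row to join against
            continue
        cd = h.get("filename", UNSET)  # Content-Disposition name, if any
        if cd not in (UNSET, ""):
            resolved[fuid] = (cd, "http.log:filename")
            continue
        n = name_from_uri(h.get("uri", UNSET))
        resolved[fuid] = (n, "http.log:uri") if n else (None, "unresolved")
    return resolved


if __name__ == "__main__":
    for fuid, (name, origin) in sorted(resolve_filenames(FILES_LOG, HTTP_LOG).items()):
        print("%s\t%s\t%s" % (fuid, name, origin))
```

A name recovered from the URI is taken from the client's request, so it is untrusted input: use it as a label for hunting, not as a filesystem path, and keep the origin column so you can tell a Content-Disposition name from a guessed one.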
