[Bro] 2.1 file analysis logging in 2.2
seth at icir.org
Fri Feb 21 08:10:49 PST 2014
On Feb 21, 2014, at 9:43 AM, Mike Hamilton <mhamilton at 21ct.com> wrote:
> I believe in 2.2, the file analysis engine was modified such that the HTTP, SMTP, etc. file analysis logs were merged into a single files.log file.
Yep, sort of. There is still some information about the files pulled back into the protocol logs too (and you could write scripts that pull more back).
> Some of the guys around the office thought they remembered a presentation back in August on being able to configure Bro to still report files in the 2.1 mode.
I think you're going to need to describe what is missing that you want back.
International Computer Science Institute
(Bro) because everyone has a network