[Bro] Bro problem - no software.log written
sconzo at visiblerisk.com
Sat Feb 22 05:59:45 PST 2014
Make sure to set your Sites::local_net variable. If you set it to
0.0.0.0/0 you should get an entry in software.log for every connection
that bro can find qualifying entries for.
On Sat, Feb 22, 2014 at 1:22 AM, mv <meetalivaidya at gmail.com> wrote:
>> If sniffing an interface, as a first step check that the software scripts
> are being loaded:
>> $ pwd
>> $ zgrep software loaded_scripts.16\:59\:36-17\:00\:00.log.gz
> I have included the detect-webapps script in local.bro. It is supposed to
> show the logs in software.log. But the logs are not see.
> I checked that the software scripts are being loaded.
> I am not running against a pcap.
> Is there any way to debug why software.log is not written. Also, is there
> any other way I can see logs generated by detect-webapps.bro script which
> uses signatures.
> Bro mailing list
> bro at bro-ids.org
cat ~/.bash_history > documentation.txt
More information about the Bro