[Bro] Bro problem - no software.log written
meetalivaidya at gmail.com
Tue Feb 25 01:13:50 PST 2014
the ALL_HOSTS setting is not useful in my case. In my case, I want to
detect some webapps. I have enabled the detect-webapps.bro script. But logs
are not created. Am I missing anything else that needs to be changed?
On Tue, Feb 25, 2014 at 1:43 PM, Mike Sconzo <sconzo at visiblerisk.com> wrote:
> Figured it'd have side effects, didn't really matter for my use cases.
> However, the ALL_HOSTS setting is useful, and I didn't know that.
> On Mon, Feb 24, 2014 at 7:16 AM, Seth Hall <seth at icir.org> wrote:
> > On Feb 22, 2014, at 8:59 AM, Mike Sconzo <sconzo at visiblerisk.com> wrote:
> >> Make sure to set your Sites::local_net variable. If you set it to
> >> 0.0.0.0/0 you should get an entry in software.log for every connection
> >> that bro can find qualifying entries for.
> > That will have side effects in other areas of Bro. If you want to log
> all software seen, it's probably better to use...
> > redef Software::asset_tracking = ALL_HOSTS;
> > Keep in mind though that this will have consequences in memory because
> it will store all of the seen software in memory.
> > .Seth
> > --
> > Seth Hall
> > International Computer Science Institute
> > (Bro) because everyone has a network
> > http://www.bro.org/
> cat ~/.bash_history > documentation.txt
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro