[Bro] SMTP entities log doesn't appears
C. L. Martinez
carlopmart at gmail.com
Thu Mar 27 07:53:14 PDT 2014
On Thu, Mar 27, 2014 at 2:36 PM, James Lay <jlay at slave-tothe-box.net> wrote:
> On 2014-03-27 08:29, C. L. Martinez wrote:
>> Hi all,
>> What can be the reason for smtp entities log file doesn't appears?
>> All works pretty well in my Bro cluster with this exception (all my
>> nodes are FreeBSD 10).
>> Inside worker.bro policy I have:
>> @load protocols/smtp/software
>> @load protocols/smtp/detect-suspicious-orig
>> @load protocols/smtp/entities-excerpt
>> entities-excerpt calls base/protocols/smtp/entities, correct??
>> Any idea??
>> Bro mailing list
>> bro at bro-ids.org
> Check your checksums...add:
> broargs = --no-checksums
> to your broctl.conf or if you're starting bro manually add:
> to your command line.
Uhmm .. Under worker.bro I have:
# Process packets despite bad checksums.
redef ignore_checksums = T;
Is this the same as to put "broargs = --no-checksums"??
More information about the Bro