[Bro] "hash-all-files", er, doesn't?

Glenn Forbes Fleming Larratt gl89 at cornell.edu
Fri Nov 21 05:27:24 PST 2014


Fairly new bro user, still figuring things out.

I recent changed my local.bro file to call hash-all-files, viz.:
#### Network File Handling ####

# Enable MD5 and SHA1 hashing for all files.
@load frameworks/files/hash-all-files

, and I've confirmed that it seems to be loading - "broctl check" seems to 
return OK, and errors out if I tweak the path so it's invalid. However, 
I'm not seeing any checksums in the logs/YYYY-MM-DD/file.* files or 
anywhere else.

Is there another piece I need configure? Might I be looking in the wrong 
place? Is there any telemmetry I can bring to bear to debug this?

Thanks for any info or assistance,
Glenn Forbes Fleming Larratt
Cornell University IT Security Office

More information about the Bro mailing list