[Bro] No http.log and dns.log missing

Monah Baki monahbaki at gmail.com
Mon May 18 06:46:26 PDT 2015


Yes it is.

eth1      Link encap:Ethernet  HWaddr 00:50:56:8b:0f:0a
          inet6 addr: fe80::250:56ff:fe8b:f0a/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:300657037 errors:0 dropped:28 overruns:0 frame:0
          TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:193217271566 (193.2 GB)  TX bytes:648 (648.0 B)




On Mon, May 18, 2015 at 9:38 AM, Yahoo <cbakkers at yahoo.de> wrote:

> is it set to promiscuous mode?
>
>
>
> On 18 May 2015, at 15:31, Monah Baki <monahbaki at gmail.com> wrote:
>
> netstat -i
>
> Kernel Interface table
> Iface   MTU Met   RX-OK RX-ERR RX-DRP RX-OVR    TX-OK TX-ERR TX-DRP TX-OVR Flg
> eth0       1500 0    463397      0     10 0        521906      0      0      0 BMRU
> eth1       1500 0  299482016      0     28 0             8      0      0      0 BMRU
>
> eth1 is my listening interface
>
>
> Thanks
>
> On Mon, May 18, 2015 at 9:21 AM, Yahoo <cbakkers at yahoo.de> wrote:
>
>> have you checked if your interfaces are running in promiscuous mode?
>>
>>
>>
>> > On 18 May 2015, at 15:02, Monah Baki <monahbaki at gmail.com> wrote:
>> >
>> > Bro seems to have all the logs except http and dns. If I run a quick tcpdump on my interface for port 80 and 53, I do see events.
>> >
>> > Anything else I can troubleshoot for?
>> >
>> >
>> > Thanks
>> > Monah
>>
>
>