[Bro] NO DHCP.log

Johanna Amann johanna at icir.org
Fri Feb 26 09:18:35 PST 2016


Hello,

On Fri, Feb 26, 2016 at 10:00:25AM +0400, Zafar Pravaiz wrote:
> I am running SO 14.04. This is just capturing DNS and DHCP traffic on a
> span port. Recently i ran soup and reboot the box. After that i have
> noticed no DHCP log is showing up in bro log. i can see known_services
> shows DHCP as service but there no dhcp.log file being generate.  Any
> clue what went wrong? 

On a first glance I do not really have any idea what went wrong, but there
are a few things to check -

* just to verify, dns.log is still being written correctly?

* could you check that you see dhcp connections in conn.log? They should
  be tagged with dhcp in the service field.

and

* could you verify that loaded_scripts.log contains
  scripts/base/protocols/dhcp?

Johanna


More information about the Bro mailing list