[Bro] Smtp.log missing x-originating-ip

James Lay jlay at slave-tothe-box.net
Tue Jan 19 10:12:55 PST 2016

Topic says it...after a digging into this it appears my smtp.log is 
missing all x-originating-ip:

[18:11:06 ids:~/current$] head -n 40 smtp.log | bro-cut -d ts 
2016-01-18T23:58:31+0000        -
2016-01-18T23:58:34+0000        -
2016-01-18T23:58:32+0000        -
2016-01-18T23:58:35+0000        -
2016-01-18T23:58:39+0000        -
2016-01-18T23:58:46+0000        -
2016-01-18T23:58:52+0000        -
2016-01-18T23:59:02+0000        -
2016-01-18T23:59:04+0000        -

I can see the field in full packet captures.  Any hints on what I'm 
missing?  Thank you.


More information about the Bro mailing list