[Bro] ftp.log file isn't logging ftp related requests.

Johanna Amann johanna at icir.org
Tue Jul 26 19:20:44 PDT 2016


Hi Aneela,

Justin just reminded you that if you are running Bro and your ftp server
on the same box, you might potentially have to either disable some of the
acceleration features of your NIC, or tell Bro to disable checksumming.

You can try to either run bro with the -C command line flag, or set

redef ignore_checksums = T;.

in local.bro, if you are running broctl to see if that fixes the issue.

Johanna

On Tue, Jul 26, 2016 at 06:15:27PM -0700, Johanna Amann wrote:
> Hi Aneela,
> 
> would it potentially be possible to send me a trace of one of the sessions
> that Bro does not recognize correctly? Or, alternatively, can you create a
> ticket on tracker.bro.org and upload a trace there?
> 
> Thank you,
>  Johanna
> 
> On Fri, Jul 22, 2016 at 06:37:32AM +0000, Aneela Safdar wrote:
> > Hi,
> > 
> > 
> > I have bro and proftpd server installed on linux. I tried to connect with this server through a intentionally brute force attack with random usernames and passwords thinking ftp.log will record these attempts but it didn't. Instead ftp.log I am getting these requests logged in weird.log file.
> > I did same with ssh service but i logged all requests and related information in ssh.log file.How come I can make ftp.log file to log all ftp related information which I genuinely think should be a default setting. Isn't so? 
> > 
> > 
> > Regards, Aneela Safdar
> > 
> >    
> 
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 


More information about the Bro mailing list