[Bro] files.log

Seth Hall seth at icir.org
Thu Sep 29 05:37:04 PDT 2016

> On Sep 29, 2016, at 7:42 AM, erik clark <philosnef at gmail.com> wrote:
> Sorry, last post. Found http://mailman.icsi.berkeley.edu/pipermail/bro/2014-April/006893.html. This is in line with what I was discovering from my files.log. I will see if I can expand the framework to do correlation to get this info.

Ohh... I see now.  You didn't specify that it was the filename field that was null.  Unfortunately I think that the current behavior is best as the default behavior.  I suspect that at some point we'll see a package show up in the Bro package manager which adds some heuristically driven filenames (i.e. pulling "filenames" from URLs).


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
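
The filename heuristic mentioned in the reply, as an added example that is not part of the original thread or of any Bro package: it joins files.log to http.log on the file's fuid (the resp_fuids column of http.log) and guesses a name from the URI path only when filename is unset. The sample log lines are constructed and the function names are hypothetical.

```python
import posixpath
from urllib.parse import urlsplit, unquote

# Constructed sample logs in Bro TSV form, trimmed to the columns used here.
FILES_LOG = """#fields\tts\tfuid\tconn_uids\tsource\tmime_type\tfilename
1475152624.1\tFAAA111\tCAAA1\tHTTP\tapplication/pdf\t-
1475152625.2\tFBBB222\tCBBB2\tHTTP\tapplication/x-dosexec\tsetup.exe
1475152626.3\tFCCC333\tCCCC3\tHTTP\ttext/html\t-
"""
HTTP_LOG = """#fields\tts\tuid\thost\turi\tresp_fuids
1475152624.0\tCAAA1\texample.com\t/docs/report%202016.pdf?dl=1\tFAAA111
1475152625.0\tCBBB2\texample.com\t/download.php?id=7\tFBBB222
1475152626.0\tCCCC3\texample.com\t/\tFCCC333
"""

def read_bro_tsv(text):
    """Yield one dict per record, keyed by the names on the #fields line."""
    lines = text.splitlines()
    fields = next(l for l in lines if l.startswith("#fields")).split("\t")[1:]
    for line in lines:
        if line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def name_from_uri(uri):
    """Guess a filename from the last path segment; None if there is none."""
    path = unquote(urlsplit(uri).path)           # drop query, decode %xx
    base = posixpath.basename(path)              # also handles decoded %2F
    base = "".join(c for c in base if c.isprintable())  # keep logs clean
    return base or None

def fill_filenames(files_text, http_text):
    """Return (fuid, filename, origin) for every files.log record."""
    uri_by_fuid = {}
    for rec in read_bro_tsv(http_text):
        for fuid in rec["resp_fuids"].split(","):
            if fuid not in ("-", "(empty)"):
                uri_by_fuid[fuid] = rec["uri"]
    out = []
    for rec in read_bro_tsv(files_text):
        name, origin = rec["filename"], "files.log"
        if name == "-":                          # unset: fall back to a guess
            name = name_from_uri(uri_by_fuid.get(rec["fuid"], ""))
            # Label the guess so it is never mistaken for a logged value.
            origin = "uri-heuristic" if name else "unknown"
        out.append((rec["fuid"], name, origin))
    return out

if __name__ == "__main__":
    for row in fill_filenames(FILES_LOG, HTTP_LOG):
        print(row)
```

Keeping the origin next to each name lets an analyst tell a URI-derived guess from a value Bro logged itself.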
