[Bro] Blank HTTP logs
josh.guild at morphick.com
Wed Mar 22 11:30:11 PDT 2017
I've been running into an issue with the http.log not populating fields
(method, host, uri, referrer, UA) when spanned. I'm still getting the
status_code and status_msg populated in the http.log and I've read an
ancient article where Seth says this may be because of TCP checksum
We currently have rx/tx-checksumming disabled on the ports we're monitoring,
but rx/tx-vlan-offload is enabled. Could this be the culprit?
The largest entries in the weird.log are window_recision,
data_before_established, and possible_split_routing.
Any help would be much appreciated!
Network Intelligence Analyst