[Bro] smb_cmd.log

william de ping bill.de.ping at gmail.com
Sun May 14 21:11:08 PDT 2017

Hi Izik,

in share/bro/policy/protocols/smb/main.smb
look for write_cmd_log =F, if you change it to T, it will start the

good luck

On Sun, May 14, 2017 at 10:28 AM, Izik Birka <Izik.Birka at hot.net.il> wrote:

> Hi
> I enable SMB detection
> I have smb_file.log and smb_mapping.log
> But  I don’t have the smb_cmd.log , why is that ?
> thanks
> This message (including any attachments) is intended only for the use of
> the individual or entity to which it is addressed and may contain materials
> protected by copyright or information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under applicable law
> or agreement. If you are not the intended recipient, you are hereby
> notified that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication by error, notify the sender immediately and delete this
> message immediately. Thank you.
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170515/ce618f7b/attachment.html 

More information about the Bro mailing list