[Bro] SMB copied files not showing in files.log

Seth Hall seth at corelight.com
Thu Nov 9 08:54:28 PST 2017



On 9 Nov 2017, at 5:11, Rinaldi Stefano wrote:

> The AV implies that all the files present in the selected remote 
> directory are partially read and this leads to spurious entries in Bro 
> SMB log files.

If a portion of a file is actually transferred then you should 
definitely expect to see the file represented in smb_files.log and 
files.log.

   .Seth

--
Seth Hall * Corelight, Inc * www.corelight.com


More information about the Bro mailing list