[Bro-Dev] question & meta-question regarding "path" field in smtp.log

Vern Paxson vern at icir.org
Thu Dec 1 02:37:42 PST 2011


> Yes, it's the path derived from the received headers and it's in reverse
> order where the actual message originator would be found at the right side
> and the receiver would be at the left.

But what about adding the client & server?  Are those added separately?
It would appear so, though I'm not sure that's the right thing to do.
It muddles the semantics somewhat, and also isn't necessary as the
client & server info are available from other fields.

		Vern


More information about the bro-dev mailing list