[Bro-Dev] question & meta-question regarding "path" field in smtp.log

Seth Hall seth at icir.org
Wed Nov 30 20:09:55 PST 2011


On Nov 30, 2011, at 6:24 PM, Vern Paxson wrote:

> The question is: what's the semantics of this log field?  In the
> trace slice I'm looking at, it's just the server,client.  Is it meant
> to have the Received chain?


I forgot to answer this question too.  Yes, it's the path derived from the received headers and it's in reverse order where the actual message originator would be found at the right side and the receiver would be at the left.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
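
The ordering described above, as an added example that is not part of the original post and is not Bro's own code: the path starts with the connection's server and client (the `server,client` value seen in the trace) and each Received hop is appended to the right. The function names, the bracketed-address parsing and the sample message are assumptions made for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed message as seen on the wire (documentation-range addresses).
RAW = (
    "Received: from relay.example.com ([203.0.113.25]) by mx.example.net;"
    " Wed, 30 Nov 2011 20:00:02 -0800\n"
    "Received: from [192.0.2.10] by relay.example.com;"
    " Wed, 30 Nov 2011 20:00:01 -0800\n"
    "From: alice@example.com\nTo: bob@example.org\nSubject: test\n\nbody\n"
)

_FROM_IP = re.compile(r"\bfrom\s+[^\[]*\[([^\]]+)\]", re.I)


def received_from_ip(header):
    """Return the bracketed address in a Received 'from' clause, or None."""
    # Only look at the text before 'by' so the receiving host is never picked up.
    from_clause = re.split(r"\sby\s", header, maxsplit=1, flags=re.I)[0]
    m = _FROM_IP.search(from_clause)
    if not m:
        return None
    candidate = m.group(1)
    if candidate.lower().startswith("ipv6:"):
        candidate = candidate[5:]
    try:
        return str(ipaddress.ip_address(candidate))
    except ValueError:
        return None  # malformed address: skip it instead of logging junk


def build_path(server, client, received_headers):
    """Receiver on the left, claimed originator on the right."""
    path = [server, client]
    # Received headers appear newest first, so appending walks back in time.
    # Hops past the first trusted relay are sender-supplied and unverified.
    for header in received_headers:
        ip = received_from_ip(header)
        if ip and ip != path[-1]:
            path.append(ip)
    return path


def path_from_message(server, client, raw):
    msg = message_from_string(raw)
    return build_path(server, client, msg.get_all("Received", []))


if __name__ == "__main__":
    print(",".join(path_from_message("198.51.100.200", "198.51.100.7", RAW)))
```
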



