[Bro] http_request event
Vern Paxson
vern at icir.org
Sun Jun 19 19:53:35 PDT 2005
The next step is to record the traffic with tcpdump -w (using a snapshot
of -s 0 to capture entire packets) and then run bro against the trace using
bro -r trace rather than running it live. If it doesn't log any HTTP
session information, look at the trace using tcpdump -v -v to see whether
it *contains* any tcpdump traffic, and whether the traffic has valid
checksums.
Vern
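
The two checks suggested in the message above (is there HTTP traffic in the trace, and are the packets complete with valid checksums) can also be scripted against the saved trace. This is an added example, not part of the original post or of Bro. The names `check_trace`, `make_frame` and `make_pcap`, the choice of port 80 for HTTP, and the sample packets are constructed for illustration. It assumes a classic (non-pcapng) Ethernet capture.

```python
import struct

def csum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 when data carries a valid checksum."""
    data += b"\x00" * (len(data) % 2)
    s = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while s >> 16:
        s = (s & 0xFFFF) + (s >> 16)
    return ~s & 0xFFFF

def check_trace(pcap: bytes, port: int = 80) -> dict:
    """Count TCP segments on `port` in a classic Ethernet pcap and flag bad ones."""
    end = "<" if pcap[:4] == b"\xd4\xc3\xb2\xa1" else ">"
    stats = {"port_segments": 0, "truncated": 0, "bad_ip": 0, "bad_tcp": 0}
    off = 24                                    # skip the pcap global header
    while off + 16 <= len(pcap):
        caplen, wirelen = struct.unpack(end + "II", pcap[off + 8:off + 16])
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 38 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue                            # not IPv4/TCP
        ip = frame[14:]
        ihl, total = (ip[0] & 0x0F) * 4, struct.unpack("!H", ip[2:4])[0]
        tcp = ip[ihl:total]
        if len(tcp) < 4 or port not in struct.unpack("!HH", tcp[:4]):
            continue
        stats["port_segments"] += 1
        if caplen < wirelen or len(ip) < total:  # snaplen cut the packet short
            stats["truncated"] += 1
            continue
        stats["bad_ip"] += csum(ip[:ihl]) != 0
        pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))
        stats["bad_tcp"] += csum(pseudo + tcp) != 0
    return stats

def make_frame(payload: bytes, corrupt: bool = False) -> bytes:
    """Constructed Ethernet/IPv4/TCP frame to port 80 (documentation addresses)."""
    addrs = bytes([192, 0, 2, 1, 192, 0, 2, 2])
    tcp = struct.pack("!HHIIBBHHH", 40000, 80, 1, 1, 0x50, 0x18, 8192, 0, 0) + payload
    ip = struct.pack("!BBHHHBBH", 0x45, 0, 20 + len(tcp), 0, 0, 64, 6, 0) + addrs
    ip = ip[:10] + struct.pack("!H", csum(ip)) + ip[12:]
    c = csum(addrs + struct.pack("!BBH", 0, 6, len(tcp)) + tcp) ^ corrupt
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp[:16] + struct.pack("!H", c) + tcp[18:]

def make_pcap(records, snaplen: int = 65535) -> bytes:
    """Constructed classic pcap; records are (captured_bytes, wire_length)."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, snaplen, 1)
    return out + b"".join(struct.pack("<IIII", 0, 0, len(f), n) + f for f, n in records)

good, bad = make_frame(b"GET / HTTP/1.0\r\n\r\n"), make_frame(b"GET /x HTTP/1.0\r\n\r\n", True)
SAMPLE = make_pcap([(good, len(good)), (bad, len(bad))])
```

On a real capture, pass the file's bytes to `check_trace`; a non-zero `truncated` count means the trace was not recorded with a full snapshot length.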