[Bro] http-<x> and empty http.log
Reed Porada
rporada at ll.mit.edu
Thu Sep 27 07:50:25 PDT 2007
In trying to get the contents of http sessions, I have run http-
body.bro against a pcap, and there is not output to http.log. This
is the same with most http-<x> scripts, except http-reply. Looking
at the traces, I am seeing only 'connection_state_remove' from the
main HTTP module for http-body, http, etc. With http-reply, I see
the events in http-reply, and the 'connection_state_remove' as expected.
I am running 1.3.2 on Ubuntu.
I have looked at the pcap and run it against tcptrace, and all seems
good.
Any thoughts?
-Reed
More information about the Bro
mailing list