[Bro] SMTP entities log doesn't appears

James Lay jlay at slave-tothe-box.net
Tue Apr 1 16:28:04 PDT 2014 

On Tue, 2014-04-01 at 14:29 -0400, Seth Hall wrote:

> On Mar 28, 2014, at 3:03 AM, C. L. Martinez <carlopmart at gmail.com> wrote:
> 
> > Any more ideas please??
> 
> What version of Bro are you running? (2.1 I suppose?)
> 
> Also, are you positive that your script is being loaded by workers?
>   
>   .Seth
> 
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro


I can confirm this.

[17:26:20 @gateway:~/current$] bro --version
bro version 2.2

[17:26:47 @gateway:~/current$] ls -l
total 27420
-rw-r--r-- 1 root root  6322917 Apr  1 17:26 conn.log
-rw-r--r-- 1 root root     5882 Apr  1 17:06 dhcp.log
-rw-r--r-- 1 root root  6468780 Apr  1 17:27 dns.log
-rw-r--r-- 1 root root      451 Apr  1 12:48 dpd.log
-rw-r--r-- 1 root root  3269780 Apr  1 17:26 files.log
-rw-r--r-- 1 root root 11706144 Apr  1 17:26 http.log
-rw-r--r-- 1 root root      678 Apr  1 12:55 known_hosts.log
-rw-r--r-- 1 root root      419 Apr  1 03:00 known_services.log
-rw-r--r-- 1 root root    14606 Mar 31 23:58 loaded_scripts.log
-rw-r--r-- 1 root root      568 Mar 31 23:58 packet_filter.log
-rw-r--r-- 1 root root      494 Mar 31 23:58 reporter.log
-rw-r--r-- 1 root root   110446 Apr  1 17:15 smtp.log
-rw-r--r-- 1 root root    27098 Apr  1 17:24 software.log
-rw-r--r-- 1 root root     1956 Apr  1 16:36 ssh.log
-rw-r--r-- 1 root root      991 Apr  1 16:16 tunnel.log
-rw-r--r-- 1 root root    56270 Apr  1 17:24 weird.log

[17:27:05 @gateway:~/current$] cat loaded_scripts.log  | grep smtp
  /usr/local/bro/share/bro/base/protocols/smtp/__load__.bro
    /usr/local/bro/share/bro/base/protocols/smtp/main.bro
    /usr/local/bro/share/bro/base/protocols/smtp/entities.bro
    /usr/local/bro/share/bro/base/protocols/smtp/files.bro
  /usr/local/bro/share/bro/policy/protocols/smtp/software.bro

James
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140401/4a8ac1ac/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 490 bytes
Desc: This is a digitally signed message part
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140401/4a8ac1ac/attachment.bin

More information about the Bro mailing list