[Bro] SMTP entities log doesn't appears

Chris Fauerbach cf at npulsetech.com
Tue Apr 1 16:39:57 PDT 2014 

files.log should have all your file (http, email, etc) information in it,
since you're running bro 2.2



On Tue, Apr 1, 2014 at 7:28 PM, James Lay <jlay at slave-tothe-box.net> wrote:

>  On Tue, 2014-04-01 at 14:29 -0400, Seth Hall wrote:
>
> On Mar 28, 2014, at 3:03 AM, C. L. Martinez <carlopmart at gmail.com> wrote:
> > Any more ideas please??
>
> What version of Bro are you running? (2.1 I suppose?)
>
> Also, are you positive that your script is being loaded by workers?
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a networkhttp://www.bro.org/
>
> _______________________________________________
> Bro mailing listbro at bro-ids.orghttp://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
> I can confirm this.
>
> [17:26:20 @gateway <jlay at gateway>:~/current$] bro --version
> bro version 2.2
>
> [17:26:47 @gateway <jlay at gateway>:~/current$] ls -l
> total 27420
> -rw-r--r-- 1 root root  6322917 Apr  1 17:26 conn.log
> -rw-r--r-- 1 root root     5882 Apr  1 17:06 dhcp.log
> -rw-r--r-- 1 root root  6468780 Apr  1 17:27 dns.log
> -rw-r--r-- 1 root root      451 Apr  1 12:48 dpd.log
> -rw-r--r-- 1 root root  3269780 Apr  1 17:26 files.log
> -rw-r--r-- 1 root root 11706144 Apr  1 17:26 http.log
> -rw-r--r-- 1 root root      678 Apr  1 12:55 known_hosts.log
> -rw-r--r-- 1 root root      419 Apr  1 03:00 known_services.log
> -rw-r--r-- 1 root root    14606 Mar 31 23:58 loaded_scripts.log
> -rw-r--r-- 1 root root      568 Mar 31 23:58 packet_filter.log
> -rw-r--r-- 1 root root      494 Mar 31 23:58 reporter.log
> -rw-r--r-- 1 root root   110446 Apr  1 17:15 smtp.log
> -rw-r--r-- 1 root root    27098 Apr  1 17:24 software.log
> -rw-r--r-- 1 root root     1956 Apr  1 16:36 ssh.log
> -rw-r--r-- 1 root root      991 Apr  1 16:16 tunnel.log
> -rw-r--r-- 1 root root    56270 Apr  1 17:24 weird.log
>
> [17:27:05 @gateway <jlay at gateway>:~/current$] cat loaded_scripts.log  |
> grep smtp
>   /usr/local/bro/share/bro/base/protocols/smtp/__load__.bro
>     /usr/local/bro/share/bro/base/protocols/smtp/main.bro
>     /usr/local/bro/share/bro/base/protocols/smtp/entities.bro
>     /usr/local/bro/share/bro/base/protocols/smtp/files.bro
>   /usr/local/bro/share/bro/policy/protocols/smtp/software.bro
>
> James
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>



-- 
-- 

--Chris Fauerbach


VP, Software Engineering

nPulse Technologies

*Network Forensics for the 10 Gig World*

http://www.npulsetech.com

703.969.2186
 cf at npulsetech.com

--------------------------------------
The information contained herein is for the exclusive use of the original
recipient.  This information is granted for limited distribution within the
recipient's organization for planning purposes only.  Further
dissemination, whether private or public, is prohibited and may be covered
under a non-disclosure agreement.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140401/ddd439b5/attachment.html

More information about the Bro mailing list