[Bro] SMTP entities log doesn't appear
James Lay
jlay at slave-tothe-box.net
Tue Apr 1 19:59:19 PDT 2014
On Tue, 2014-04-01 at 19:39 -0400, Chris Fauerbach wrote:
> files.log should have all your file (http, email, etc) information in
> it, since you're running bro 2.2
>
> On Tue, Apr 1, 2014 at 7:28 PM, James Lay <jlay at slave-tothe-box.net>
> wrote:
>
> On Tue, 2014-04-01 at 14:29 -0400, Seth Hall wrote:
>
> > On Mar 28, 2014, at 3:03 AM, C. L. Martinez <carlopmart at gmail.com> wrote:
> >
> > > Any more ideas please??
> >
> > What version of Bro are you running? (2.1 I suppose?)
> >
> > Also, are you positive that your script is being loaded by workers?
> >
> > .Seth
> >
> > --
> > Seth Hall
> > International Computer Science Institute
> > (Bro) because everyone has a network
> > http://www.bro.org/
> >
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
> I can confirm this.
>
> [17:26:20 @gateway:~/current$] bro --version
> bro version 2.2
>
> [17:26:47 @gateway:~/current$] ls -l
> total 27420
> -rw-r--r-- 1 root root 6322917 Apr 1 17:26 conn.log
> -rw-r--r-- 1 root root 5882 Apr 1 17:06 dhcp.log
> -rw-r--r-- 1 root root 6468780 Apr 1 17:27 dns.log
> -rw-r--r-- 1 root root 451 Apr 1 12:48 dpd.log
> -rw-r--r-- 1 root root 3269780 Apr 1 17:26 files.log
> -rw-r--r-- 1 root root 11706144 Apr 1 17:26 http.log
> -rw-r--r-- 1 root root 678 Apr 1 12:55 known_hosts.log
> -rw-r--r-- 1 root root 419 Apr 1 03:00 known_services.log
> -rw-r--r-- 1 root root 14606 Mar 31 23:58 loaded_scripts.log
> -rw-r--r-- 1 root root 568 Mar 31 23:58 packet_filter.log
> -rw-r--r-- 1 root root 494 Mar 31 23:58 reporter.log
> -rw-r--r-- 1 root root 110446 Apr 1 17:15 smtp.log
> -rw-r--r-- 1 root root 27098 Apr 1 17:24 software.log
> -rw-r--r-- 1 root root 1956 Apr 1 16:36 ssh.log
> -rw-r--r-- 1 root root 991 Apr 1 16:16 tunnel.log
> -rw-r--r-- 1 root root 56270 Apr 1 17:24 weird.log
>
> [17:27:05 @gateway:~/current$] cat loaded_scripts.log | grep smtp
> /usr/local/bro/share/bro/base/protocols/smtp/__load__.bro
> /usr/local/bro/share/bro/base/protocols/smtp/main.bro
> /usr/local/bro/share/bro/base/protocols/smtp/entities.bro
> /usr/local/bro/share/bro/base/protocols/smtp/files.bro
> /usr/local/bro/share/bro/policy/protocols/smtp/software.bro
>
> James
>
> --Chris Fauerbach
> VP, Software Engineering
> nPulse Technologies
> Network Forensics for the 10 Gig World
> http://www.npulsetech.com
> 703.969.2186
> cf at npulsetech.com
Thanks for the quick answer Chris and Seth.
James
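
Added example, not part of the original thread or of Bro itself: one way to pull the SMTP-carried entries out of files.log on a Bro 2.2 box, as Chris suggests. It assumes the standard tab-separated log with a "#fields" header containing the fuid, source, mime_type and filename columns and the source value "SMTP"; the function names and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# smtp_files LOGFILE
# Prints "fuid<TAB>mime_type<TAB>filename" for every files.log row whose
# source column is SMTP. Columns are located by name from the "#fields"
# header, so the function does not depend on a fixed column order.
smtp_files() {
    awk -F '\t' '
        $1 == "#fields" {
            # Header is "#fields<TAB>name1<TAB>name2...", so the data
            # column for header field i is i - 1.
            for (i = 2; i <= NF; i++) col[$i] = i - 1
            next
        }
        /^#/ { next }                   # skip other metadata lines
        !("source" in col) { next }     # no usable header seen yet
        $(col["source"]) == "SMTP" {
            printf "%s\t%s\t%s\n", $(col["fuid"]), $(col["mime_type"]), $(col["filename"])
        }
    ' "$1"
}

# write_sample PATH
# Writes a constructed files.log (not data from the thread), reduced to
# five columns, for trying the function offline.
write_sample() {
    {
        printf '#separator \\x09\n'
        printf '#path\tfiles\n'
        printf '#fields\tts\tfuid\tsource\tmime_type\tfilename\n'
        printf '1396397000.1\tFaaa111\tHTTP\ttext/html\t-\n'
        printf '1396397001.2\tFbbb222\tSMTP\ttext/plain\t-\n'
        printf '1396397001.3\tFccc333\tSMTP\tapplication/pdf\tinvoice.pdf\n'
    } > "$1"
}

# Run against a real log when a path is given, e.g. ./smtp_files.sh files.log
if [ -n "${1:-}" ]; then
    smtp_files "$1"
fi
```

An empty result on a sensor that does see mail traffic points back at Seth's question: check that the smtp scripts appear in loaded_scripts.log.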