[Bro] Quick smtp-url-extraction question
James Lay
jlay at slave-tothe-box.net
Thu Aug 7 09:26:25 PDT 2014
Hey all,
So here's the run:
sudo bro -C -r ../captures/email.pcapng /usr/local/bro/share/bro/policy/frameworks/intel/seen/smtp-url-extraction.bro
and list of files generated:
-rw-r--r-- 1 root root 12419 Aug 7 10:18 conn.log
-rw-r--r-- 1 root root 0 Aug 7 10:18 debug.log
-rw-r--r-- 1 root root 12586 Aug 7 10:18 files.log
-rw-r--r-- 1 root root 253 Aug 7 10:18 packet_filter.log
-rw-r--r-- 1 root root 39557 Aug 7 10:18 smtp.log
-rw-r--r-- 1 root root 7936 Aug 7 10:18 ssl.log
-rw-r--r-- 1 root root 8608 Aug 7 10:18 x509.log
For the life of me I'm unable to find where the links might be at. One
of the links in the pcap has 88EX336W4062X11N55206638L1122194955 in
it...this string shows up nowhere in any of the logs...is there a step
I'm missing with this? Thank you.
James