[Bro] SMTP entities log doesn't appear

C. L. Martinez carlopmart at gmail.com
Thu Mar 27 07:53:14 PDT 2014


On Thu, Mar 27, 2014 at 2:36 PM, James Lay <jlay at slave-tothe-box.net> wrote:
> On 2014-03-27 08:29, C. L. Martinez wrote:
>> Hi all,
>>
>>  What can be the reason that the SMTP entities log file doesn't appear?
>> All works pretty well in my Bro cluster with this exception (all my
>> nodes are FreeBSD 10).
>>
>>  Inside worker.bro policy I have:
>>
>> @load protocols/smtp/software
>> @load protocols/smtp/detect-suspicious-orig
>> @load protocols/smtp/entities-excerpt
>>
>> entities-excerpt calls base/protocols/smtp/entities, correct??
>>
>>  Any idea??
>
> Check your checksums...add:
>
> broargs = --no-checksums
>
> to your broctl.conf or if you're starting bro manually add:
>
> --no-checksums
>
> to your command line.
>

Uhmm .. Under worker.bro I have:

# Process packets despite bad checksums.
redef ignore_checksums = T;

Is this the same as putting "broargs = --no-checksums"??


