[Bro] SMTP entities log doesn't appear

James Lay jlay at slave-tothe-box.net
Thu Mar 27 08:42:43 PDT 2014


On 2014-03-27 08:53, C. L. Martinez wrote:
> On Thu, Mar 27, 2014 at 2:36 PM, James Lay <jlay at slave-tothe-box.net> 
> wrote:
>> On 2014-03-27 08:29, C. L. Martinez wrote:
>>> Hi all,
>>>
>>>  What can be the reason the smtp entities log file doesn't appear?
>>> All works pretty well in my Bro cluster with this exception (all my
>>> nodes are FreeBSD 10).
>>>
>>>  Inside worker.bro policy I have:
>>>
>>> @load protocols/smtp/software
>>> @load protocols/smtp/detect-suspicious-orig
>>> @load protocols/smtp/entities-excerpt
>>>
>>> entities-excerpt calls base/protocols/smtp/entities, correct??
>>>
>>>  Any idea??
>>
>> Check your checksums...add:
>>
>> broargs = --no-checksums
>>
>> to your broctl.conf or if you're starting bro manually add:
>>
>> --no-checksums
>>
>> to your command line.
>>
>
> Uhmm .. Under worker.bro I have:
>
> # Process packets despite bad checksums.
> redef ignore_checksums = T;
>
> Is this the same as putting "broargs = --no-checksums"??

Ah...it appears you have this covered then.

James


