[Bro] SMTP entities log doesn't appears
C. L. Martinez
carlopmart at gmail.com
Fri Mar 28 00:03:32 PDT 2014
On Thu, Mar 27, 2014 at 3:42 PM, James Lay <jlay at slave-tothe-box.net> wrote:
> On 2014-03-27 08:53, C. L. Martinez wrote:
>> On Thu, Mar 27, 2014 at 2:36 PM, James Lay <jlay at slave-tothe-box.net>
>> wrote:
>>> On 2014-03-27 08:29, C. L. Martinez wrote:
>>>> Hi all,
>>>>
>>>> What can be the reason for smtp entities log file doesn't appears?
>>>> All works pretty well in my Bro cluster with this exception (all my
>>>> nodes are FreeBSD 10).
>>>>
>>>> Inside worker.bro policy I have:
>>>>
>>>> @load protocols/smtp/software
>>>> @load protocols/smtp/detect-suspicious-orig
>>>> @load protocols/smtp/entities-excerpt
>>>>
>>>> entities-excerpt calls base/protocols/smtp/entities, correct??
>>>>
>>>
>>> Check your checksums...add:
>>>
>>> broargs = --no-checksums
>>>
>>> to your broctl.conf or if you're starting bro manually add:
>>>
>>> --no-checksums
>>>
>>> to your command line.
>>>
>>
>> Uhmm .. Under worker.bro I have:
>>
>> # Process packets despite bad checksums.
>> redef ignore_checksums = T;
>>
>> Is this the same as to put "broargs = --no-checksums"??
>
> Ah...it appears you have this covered then.
>
Any more ideas please??
More information about the Bro
mailing list