[Bro] "hash-all-files", er, doesn't?
Glenn Forbes Fleming Larratt
gl89 at cornell.edu
Fri Nov 21 05:27:24 PST 2014
Folks,
Fairly new bro user, still figuring things out.
I recent changed my local.bro file to call hash-all-files, viz.:
======
#### Network File Handling ####
# Enable MD5 and SHA1 hashing for all files.
@load frameworks/files/hash-all-files
======
, and I've confirmed that it seems to be loading - "broctl check" seems to
return OK, and errors out if I tweak the path so it's invalid. However,
I'm not seeing any checksums in the logs/YYYY-MM-DD/file.* files or
anywhere else.
Is there another piece I need configure? Might I be looking in the wrong
place? Is there any telemmetry I can bring to bear to debug this?
Thanks for any info or assistance,
--
Glenn Forbes Fleming Larratt
Cornell University IT Security Office
More information about the Bro
mailing list