[Bro] FTP Filenames used for file size in some cases?
Michael Wenthold
michael.wenthold at gmail.com
Mon Jul 27 13:36:13 PDT 2015
It looks like Bro is logging part of the file name as the file size in some
cases.
I'm using Bro 2.3.2 on Cent 6.6 x64, libpcap 1.4.0.
What I'm seeing is that we have some regular FTP activity that looks like
this:
command
arg
file_size
RETR ftp://{ip}/DIR/SUBDIR\ARCHIVE/9254493514002F.TIF 9254493514002
RETR ftp://{ip}/DIR/SUBDIR\ARCHIVE/9254493514006R.TIF 9254493514006
RETR ftp://{ip}/DIR/SUBDIR\ARCHIVE/9254493514043F.TIF 9254493514043
My google fu might be off, but II'm going to be rolling out 2.4 but I can't
do it right away.
Michael
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150727/c1064714/attachment.html
More information about the Bro
mailing list