[Bro] NO DHCP.log
Zafar Pravaiz
zpravaiz at aus.edu
Fri Feb 26 09:32:46 PST 2016
> On Feb 26, 2016, at 9:18 PM, Johanna Amann <johanna at icir.org> wrote:
>
> Hello,
>
> On Fri, Feb 26, 2016 at 10:00:25AM +0400, Zafar Pravaiz wrote:
>> I am running SO 14.04. This is just capturing DNS and DHCP traffic on a
>> span port. Recently i ran soup and reboot the box. After that i have
>> noticed no DHCP log is showing up in bro log. i can see known_services
>> shows DHCP as service but there no dhcp.log file being generate. Any
>> clue what went wrong?
>
> On a first glance I do not really have any idea what went wrong, but there
> are a few things to check -
>
> * just to verify, dns.log is still being written correctly?
>
Yes dns.log being update as expected.
> * could you check that you see dhcp connections in conn.log? They should
> be tagged with dhcp in the service field.
>
yes i can see conn.log getting entries for DHCP
> and
>
> * could you verify that loaded_scripts.log contains
> scripts/base/protocols/dhcp?
>
These are the scripts are being loaded
/opt/bro/share/bro/base/bif/plugins/Bro_DHCP.events.bif.bro
/opt/bro/share/bro/base/protocols/dhcp/__load__.bro
/opt/bro/share/bro/base/protocols/dhcp/consts.bro
/opt/bro/share/bro/base/protocols/dhcp/main.bro
/opt/bro/share/bro/base/protocols/dhcp/utils.bro
> Johanna
More information about the Bro
mailing list