[Bro] Smtp.log missing x-originating-ip
James Lay
jlay at slave-tothe-box.net
Tue Jan 19 10:12:55 PST 2016
Topic says it...after a digging into this it appears my smtp.log is
missing all x-originating-ip:
[18:11:06 ids:~/current$] head -n 40 smtp.log | bro-cut -d ts
x_originating_ip
2016-01-18T23:58:31+0000 -
2016-01-18T23:58:34+0000 -
2016-01-18T23:58:32+0000 -
2016-01-18T23:58:35+0000 -
2016-01-18T23:58:39+0000 -
2016-01-18T23:58:46+0000 -
2016-01-18T23:58:52+0000 -
2016-01-18T23:59:02+0000 -
2016-01-18T23:59:04+0000 -
I can see the field in full packet captures. Any hints on what I'm
missing? Thank you.
James
More information about the Bro
mailing list