[Bro] Does x509.log contain the raw certificate?
Johanna Amann
johanna at icir.org
Mon Nov 28 14:55:46 PST 2016
Just to expand on this a bit - if you want the certificates dumped in pem
format, there also is a policy script for this that ships with Bro; you
can just load protocols/ssl/extract-certs-pem.bro.
Johanna
On Sat, Nov 19, 2016 at 04:06:21PM -0700, anthony kasza wrote:
> The certificates are not contained in any log file, just certificate meta
> data. To enable certificate extraction you need to enable the files
> framework which will write certificates to disk.
>
> -AK
>
> On Nov 19, 2016 2:53 PM, "Robert Harrelson" <bobharrelsons at gmail.com> wrote:
>
> > The log file x509.log contains parsed information from the X.509
> > certificate. However, I would like to know if the x509.log file contains
> > the raw X.509 certificate itself. If yes, how do I extract the certificate
> > from the log, not in real-time? Thanks
> >
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> >
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list