[Bro] smb analyzer does not seem to be enabled

Azoff, Justin S jazoff at illinois.edu
Thu Sep 22 07:54:00 PDT 2016


local.bro:

# Uncomment the following line to enable the SMB analyzer.  The analyzer
# is currently considered a preview and therefore not loaded by default.
# @load policy/protocols/smb

-- 
- Justin Azoff

> On Sep 22, 2016, at 10:36 AM, erik clark <philosnef at gmail.com> wrote:
> 
> Fresh built 25master, feeding bro a pcap with 445 traffic, no smb logs produced. Do you need to explicitly enable it somewhere?
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro




More information about the Bro mailing list