[Bro] - http$host diff between bro and broctl

william de ping bill.de.ping at gmail.com
Thu Jun 22 06:46:14 PDT 2017


Thank you! It turns out to be checksum
B

On Thu, Jun 22, 2017 at 12:17 AM, Azoff, Justin S <jazoff at illinois.edu> wrote:

>
> > On Jun 21, 2017, at 12:29 PM, william de ping <bill.de.ping at gmail.com> wrote:
> >
> > Hi all,
> >
> > Scenario 1 : bro instance on my local interface + browsing to www.bbc.com
> > Scenario 2 : bro cluster with a single Worker on my local interface + browsing to www.cnn.com
> >
> > in http.log,
> > on the 1st scenario, the host field is initialized with www.bbc.com
> > on the 2nd scenario, the host field is NOT initialized
> >
> > I'm running bro 2.5
> >
> > Is there any explanation for the diff ?
>
> You're probably starting bro differently in the two cases.
>
> https://www.bro.org/documentation/faq.html#why-isn-t-bro-producing-the-logs-i-expect-a-note-about-checksums
>
> --
> - Justin Azoff
>
>