[Bro] Log serial number in ssl.log

Robert Harrelson bobharrelsons at gmail.com
Wed Mar 29 13:20:43 PDT 2017


How do I log the serial number of the certificate in ssl.log?

I tried to perform this in the protocols/ssl/files.bro file at the event
ssl_established(), but this event is almost never called. This means that
issuer and subject also almost never get logged.

Is this because the handshake happens at line speed, but the certificate
does not get processed as fast, so the certificate details are almost never
available to Bro when it logs the handshake data in ssl.log?

Thanks,

Robert