[Bro] smb_cmd.log
william de ping
bill.de.ping at gmail.com
Sun May 14 21:11:08 PDT 2017
Hi Izik,
in share/bro/policy/protocols/smb/main.smb
look for write_cmd_log =F, if you change it to T, it will start the
printing.
good luck
B
On Sun, May 14, 2017 at 10:28 AM, Izik Birka <Izik.Birka at hot.net.il> wrote:
> Hi
>
> I enable SMB detection
>
> I have smb_file.log and smb_mapping.log
>
> But I don’t have the smb_cmd.log , why is that ?
>
>
>
> thanks
>
> This message (including any attachments) is intended only for the use of
> the individual or entity to which it is addressed and may contain materials
> protected by copyright or information that is non-public, proprietary,
> privileged, confidential, and exempt from disclosure under applicable law
> or agreement. If you are not the intended recipient, you are hereby
> notified that any use, dissemination, distribution, or copying of this
> communication is strictly prohibited. If you have received this
> communication by error, notify the sender immediately and delete this
> message immediately. Thank you.
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170515/ce618f7b/attachment.html
More information about the Bro
mailing list