[Bro] bro files - network drive

[Vlad Grigorescu]

Izik Birka <Izik.Birka at hot.net.il> writes:

> Why when I only search file in network drive all the files in the
> network drive are written to files.log ?

I'm assuming you mean over SMB? More data than just file transfers is
logged because it can be useful for incident response.

> How can I detect a real file transfer ?

Take a look at the total_bytes and seen_bytes fields.

  --Vlad