[Bro] Origin data

Rober Fernández roberixion at gmail.com
Wed Oct 25 03:06:12 PDT 2017


hi,
when I try to capture the connection data, my origin data is not captured.
In wireshark it works. What is the problem? some kind of bro configuration?

-rw-r--r-- 1  183 oct 25 11:49 contents_X_resp.dat
-rw-r--r-- 1   0 oct 25 11:49 contents_X_orig.dat  <---- 0 bytes
-rw-r--r-- 1  183 oct 25 11:49 contents_X_resp.dat
-rw-r--r-- 1   0 oct 25 11:49 contents_X_orig.dat  <---- 0
-rw-r--r-- 1 183 oct 25 11:49 contents_X_resp.dat
-rw-r--r-- 1   0 oct 25 11:49 contents_X_orig.dat   <---- 0
-rw-r--r-- 1  2,8K oct 25 11:50 contents_X_resp.dat


Also, in http.log, doesn't appear the parameters, method, uri,host
1508923559.491507    CdS3HN1j2ou0LUObRb    X    59772    X    80    1
-    -    -    -    1.1    -    0    4685    200    OK    -    -
(empty)    -    --    -    -    -    F152dj2pHXhPN1wXng    -    image/jpeg
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20171025/798f8128/attachment.html 


More information about the Bro mailing list