[Bro] files.log - no filename over http

Izik Birka Izik.Birka at hot.net.il
Tue Aug 21 07:21:42 PDT 2018


Hi
Why, when I download a file over HTTP, doesn't Bro extract the filename?

Here are the http and files logs:

srv@srv:/nsm/bro/logs/current$ tail -f http_br0.log  | grep 192.168.1.1
1534860833.865081       CxLm9G4WxaJ6Z0zqIh      192.168.1.1     31451   77.138.188.44     8080    1       GET     77.138.188.44   http://77.138.188.44/Browsing.exe       http://77.138.188.44/   1.1     Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.181 Safari/537.36   0       506576  200     OK      -       -       (empty) -       -       PROXY-CONNECTION -> keep-alive  -       -       -       FI7yey3gl5U0JXLnji      -    application/x-dosexec

srv@srv:/nsm/bro/logs/current$ tail -f files.log  | grep 192.168.1.1
1534860834.713869       FI7yey3gl5U0JXLnji      77.138.188.44     192.168.1.1     CxLm9G4WxaJ6Z0zqIh      HTTP    0       PE,SHA1,MD5     application/x-dosexec   -       0.189665        F       F       506576  506576  0       0       F       -       ea845778462ef5bd2bbf68381df324ca        4af433d0c22067d921c912deae87619b262262f3        -       -

Izik Birka
Information Security Coordinator, Information Systems
Information Systems Division
077-7077790 | 053-6064571
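
An added example, not part of the original message: Bro fills the `filename` column of files.log for HTTP from a Content-Disposition header, so a plain GET like the one above leaves it as `-`, but the file's `fuid` also appears in http.log's `resp_fuids`, which lets an analyst recover a name from the request URI. The sample logs are constructed from the lines in the message and trimmed to the columns the join needs; the function names are hypothetical.

```python
from posixpath import basename
from urllib.parse import unquote, urlsplit

# Constructed samples in Bro's TSV layout (values mirror the message's log lines).
HTTP_LOG = (
    "#fields\tts\tuid\tmethod\turi\tresp_fuids\tresp_filenames\n"
    "1534860833.865081\tCxLm9G4WxaJ6Z0zqIh\tGET\t"
    "http://77.138.188.44/Browsing.exe\tFI7yey3gl5U0JXLnji\t-\n"
)
FILES_LOG = (
    "#fields\tts\tfuid\tconn_uids\tsource\tmime_type\tfilename\n"
    "1534860834.713869\tFI7yey3gl5U0JXLnji\tCxLm9G4WxaJ6Z0zqIh\tHTTP\t"
    "application/x-dosexec\t-\n"
)

def read_bro_log(text):
    """Yield one dict per record, taking column names from the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))

def name_from_uri(uri):
    """Last path segment of the request URI, or None if the path ends in '/'."""
    return basename(unquote(urlsplit(uri).path)) or None

def fill_filenames(http_text, files_text):
    """Return {fuid: (filename, origin)}; origin says where the name came from."""
    uri_by_fuid = {}
    for rec in read_bro_log(http_text):
        for fuid in rec["resp_fuids"].split(","):  # set field, comma-separated
            if fuid not in ("-", "(empty)"):
                uri_by_fuid[fuid] = rec["uri"]
    out = {}
    for rec in read_bro_log(files_text):
        fuid = rec["fuid"]
        if rec["filename"] != "-":            # name supplied by the server
            out[fuid] = (rec["filename"], "files.log")
        elif fuid in uri_by_fuid:             # inferred by the analyst, not sent
            out[fuid] = (name_from_uri(uri_by_fuid[fuid]), "uri")
        else:
            out[fuid] = (None, "unknown")
    return out

if __name__ == "__main__":
    print(fill_filenames(HTTP_LOG, FILES_LOG))
```

A name recovered this way is the analyst's inference from the URI, so keep the `origin` tag with it when it is used in triage or alerting.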
