On 9 Mar 2018, at 15:54, James Lay wrote: > So any chance we can get 5985 added to the list of "http" ports to > parse, thank you. No need. Bro should automatically detect HTTP and add the analyzer. If it isn't working correctly then I think we can view that as a bug. .Seth -- Seth Hall * Corelight, Inc * www.corelight.com