[Bro] SMB files log

Luk Schoonaert luks at crimsoncore.be
Thu Nov 29 01:00:29 PST 2018


Hey guys,

I’m new to this mailing list - and I have a question about enabling the SMB analyser, I’m sure I’m missing something simple.

I enabled /opt/bro/share/bro/site/local.bro -> @load policy/protocols/smb

Running BRO 2.5.1 - I never get the smb_file.log, I do get these:

smb_cmd.log
smb_mapping.log

When I copy a file over SMB I;d expect ths smb_files.log to be populated - I’m sure I’m missing something very simple, anyone have an idea?

Many Thanks,
Luk
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20181129/83e90038/attachment.html 


More information about the Bro mailing list