[Bro] SMB files log

Seth Hall seth at corelight.com
Fri Nov 30 06:54:12 PST 2018


Are you sure that you have activity occurring that would result in the 
smb_files.log being created?

   .Seth

On 29 Nov 2018, at 4:00, Luk Schoonaert wrote:

> Hey guys,
>
> I’m new to this mailing list - and I have a question about enabling 
> the SMB analyser, I’m sure I’m missing something simple.
>
> I enabled /opt/bro/share/bro/site/local.bro -> @load 
> policy/protocols/smb
>
> Running BRO 2.5.1 - I never get the smb_file.log, I do get these:
>
> smb_cmd.log
> smb_mapping.log
>
> When I copy a file over SMB I’d expect the smb_files.log to be 
> populated - I’m sure I’m missing something very simple, anyone 
> have an idea?
>
> Many Thanks,
> Luk
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

--
Seth Hall * Corelight, Inc * www.corelight.com

