[Zeek] MAC Address In Logs
TQ
nothinrandom at gmail.com
Tue Feb 19 15:38:39 PST 2019
Thanks for the reply, Michael. So I went into
/usr/local/bro/share/bro/site/local.bro and uncommented this line: @load
policy/protocols/conn/mac-logging. I reran bro and checked all log files,
but none contain the MAC address. This is running on Zeek 2.6.1. I'm not
sure what to expect (i.e. two columns for source/destination MAC?). Maybe
I'm missing another step?
Thanks,
On Tue, Feb 19, 2019 at 6:30 AM Michael Shirk <shirkdog.bsd at gmail.com>
wrote:
> You need to add the following to your local.bro script to enable it,
> as it is not on by default:
>
> @load policy/protocols/conn/mac-logging
>
> On Tue, Feb 19, 2019 at 2:07 AM TQ <nothinrandom at gmail.com> wrote:
> >
> > Is there a way to include MAC address in all of the logs or custom
> > written logs? I saw the documentation (
> > https://docs.zeek.org/en/latest/scripts/policy/protocols/conn/mac-logging.bro.html),
> > but didn't see any MAC addresses even though I could see them in Wireshark.
> >
> > Thanks,
>
> --
> Michael Shirk
> Daemon Security, Inc.
> https://www.daemon-security.com
>
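An added example, not part of the original thread or of Zeek itself: the mac-logging policy script named in the reply adds two optional columns to conn.log, `orig_l2_addr` and `resp_l2_addr`, and the Python below checks a TSV conn.log for them. The sample log, its UIDs and addresses are constructed, and the function names are hypothetical.

```python
# Added example: checks whether a Zeek TSV conn.log carries the mac-logging columns.
L2_FIELDS = ("orig_l2_addr", "resp_l2_addr")  # columns added to conn.log by mac-logging

# Constructed conn.log excerpt (trimmed field set, documentation-range addresses).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\torig_l2_addr\tresp_l2_addr",
    "#types\ttime\tstring\taddr\taddr\tstring\tstring",
    "1550619519.000000\tCexample1\t192.0.2.10\t192.0.2.20\t00:00:5e:00:53:01\t00:00:5e:00:53:02",
    "1550619520.000000\tCexample2\t192.0.2.10\t198.51.100.7\t-\t-",
    "#close\t2019-02-19-15-40-00",
])

def parse_zeek_tsv(text):
    """Return (fields, rows); rows are dicts and unset values become None."""
    sep, unset, fields, rows = "\t", "-", [], []
    for line in text.splitlines():
        if line.startswith("#separator"):
            # The header stores the separator as an escaped literal such as \x09.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#unset_field"):
            unset = line.split(sep, 1)[1]
        elif line.startswith("#fields"):
            fields = line.split(sep)[1:]
        elif line and not line.startswith("#"):
            values = line.split(sep)
            rows.append({f: (None if v == unset else v) for f, v in zip(fields, values)})
    return fields, rows

def mac_logging_report(text):
    """Say whether the L2 columns exist and how many rows actually hold a MAC."""
    fields, rows = parse_zeek_tsv(text)
    missing = [f for f in L2_FIELDS if f not in fields]
    with_mac = [r for r in rows if not missing and r["orig_l2_addr"]]
    return {"enabled": not missing, "missing_fields": missing,
            "rows": len(rows), "rows_with_mac": len(with_mac),
            "pairs": sorted({(r["orig_l2_addr"], r["resp_l2_addr"]) for r in with_mac})}

if __name__ == "__main__":
    print(mac_logging_report(SAMPLE_CONN_LOG))
```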