[Zeek] Where to get detect-webapps log file?

Sachinji Giri sachin.giribuva at niyuj.com
Fri Jun 21 09:15:33 PDT 2019


Hi, sorry, there is http.log too. It got generated when I browsed some of the
data.

I am watching the interface with -i.

On Fri 21 Jun, 2019, 9:40 PM Richard Bejtlich, <richard at corelight.com>
wrote:

> Hello,
>
> I don't see a http.log. That implies that you may not have seen any HTTP
> traffic. Can you share a pcap of what you are watching?
>
> Sincerely,
>
> Richard
>
> On Fri, Jun 21, 2019 at 6:58 AM Sachinji Giri <sachin.giribuva at niyuj.com>
> wrote:
>
>> Hi there,
>> I am using zeek in a container with host network. My bro/zeek version is
>> as follows. The commands in bold text are executed in the container.
>>
>> # docker run --cap-add=NET_RAW --net=host --rm blacktop/*zeek  --version*
>> bro version 2.6-255
>>
>> I ran zeek with detect-webapps bro script from policy. I browsed a couple
>> of phpadmin websites etc but *I could not get any logs specific to
>> detect-webapps.*
>>
>> # docker run --cap-add=NET_RAW --net=host --rm blacktop/*zeek  -i
>> 'enp2s0' protocols/http/detect-webapps*
>> listening on enp2s0
>> ~~~~~
>>
>> It runs forever and I got the following log files:
>>
>> conn.log           dns.log            packet_filter.log  weird.log
>> dhcp.log           files.log          ssl.log            x509.log
>>
>> *Where to get detect-webapps log file?*
>>
>> *What does detect-webapps do and where does it log its data?*
>>
>> Any help will be much appreciated.
>> --
>> Regards,
>> Sachin Giri
>
>
>
> --
> Richard Bejtlich
> Principal Security Strategist, Corelight
>