[Zeek] Where to get detect-webapps log file?

Sachinji Giri sachin.giribuva at niyuj.com
Fri Jun 21 09:18:42 PDT 2019


I browsed some http websites and then http.log appears. What exactly does the
detect web apps log look like, or is it just a part of http.log? I really
don't know.

On Fri 21 Jun, 2019, 9:45 PM Sachinji Giri, <sachin.giribuva at niyuj.com>
wrote:

> Hi, sorry, there is http.log too. It got generated when I browsed some of
> the data.
>
>  I am watching the interface with -i.
>
> On Fri 21 Jun, 2019, 9:40 PM Richard Bejtlich, <richard at corelight.com>
> wrote:
>
>> Hello,
>>
>> I don't see a http.log. That implies that you may not have seen any HTTP
>> traffic. Can you share a pcap of what you are watching?
>>
>> Sincerely,
>>
>> Richard
>>
>> On Fri, Jun 21, 2019 at 6:58 AM Sachinji Giri <sachin.giribuva at niyuj.com>
>> wrote:
>>
>>> Hi there,
>>> I am using zeek in a container with the host network. My bro/zeek version
>>> is as follows. Bold text marks the commands that get executed in the container.
>>>
>>> # docker run --cap-add=NET_RAW --net=host --rm blacktop/*zeek --version*
>>> bro version 2.6-255
>>>
>>> I ran zeek with detect-webapps bro script from policy. I browsed a
>>> couple of phpadmin websites etc but *I could not get any logs specific
>>> to detect-webapps.*
>>>
>>> # docker run --cap-add=NET_RAW --net=host --rm blacktop/*zeek -i 'enp2s0' protocols/http/detect-webapps*
>>> listening on enp2s0
>>> ~~~~~
>>>
>>> It runs forever and I got the following log files:
>>>
>>> conn.log           dns.log            packet_filter.log  weird.log
>>> dhcp.log           files.log          ssl.log            x509.log
>>>
>>> *Where to get detect-webapps log file?*
>>>
>>> *What does detect-webapps do and where does it log its data?*
>>>
>>> Any help will be much appreciated.
>>> --
>>> Regards,
>>> Sachin Giri
>>> _______________________________________________
>>> Zeek mailing list
>>> zeek at zeek.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>>
>>
>>
>> --
>> Richard Bejtlich
>> Principal Security Strategist, Corelight
>>
>