[Zeek] - HTTP extract files from wget

Justin Azoff justin at corelight.com
Wed Mar 11 06:40:44 PDT 2020


What does the conn log entry look like?

On Wed, Mar 11, 2020 at 6:48 AM william de ping <bill.de.ping at gmail.com> wrote:
>
> Hi everyone,
>
> I've stumbled upon a weird issue using Zeek 3.0.
> Parsing traffic that has a file transfer over HTTP using wget does not produce any file analysis.
>
> I do see the get_file_handle event where it says ANALYZER::ANALYZER_HTTP, but no files.log is created and the extract-all-files.zeek script does not produce the transferred file.
>
> Am I missing something here?
>
> Thanks
> B
>
> _______________________________________________
> Zeek mailing list
> zeek at zeek.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek



-- 
Justin

