[ 
https://bro-tracker.atlassian.net/browse/BIT-1502?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=23007#comment-23007
 ] 

Gavin Spearhead commented on BIT-1502:
--------------------------------------

The machine is just my workstation. Bro is running on a live capture. It's not 
particularly busy, nor is there really a lot of traffic; actually it's just 
browsing. There is no rate limiting. I've been running tcpdump and wireshark as 
well and it doesn't look like there is anything missing. I ran a tcpdump for a 
bit and pulled it through bro, then everything just works fine.

.cmdline says
-i eth0 -U .status -p broctl -p broctl-live -p standalone -p local -p bro 
local.bro broctl broctl/standalone broctl/auto

I don't see anything particularly interesting in the logs, apart from 
send-mail: SENDMAIL-NOTFOUND not found


> X509 doesn't log all certificates
> ---------------------------------
>
>                 Key: BIT-1502
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1502
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>         Environment: test setup
>            Reporter: Gavin Spearhead
>            Assignee: Johanna Amann
>              Labels: ssl
>             Fix For: 2.5
>
>
> I'm trying to use bro to log all X509 certificate information for SSL / HTTPS 
> connections. It seems however that not all certificates are logged in the 
> x509.log. (or in files.log). However the connections are visible in the 
> ssl.log. The setup is a basic install.  
> E.g. https://facebook.com and https://twitter.com are not logged, whereas 
> https://tweakers.net or https://api.twitter.com are logged. Is this a bug, 
> feature? Any idea how to ensure all the certificates are stored?



--
This message was sent by Atlassian JIRA
(v7.1.0-OD-01-053#71000)
_______________________________________________
bro-dev mailing list
bro-dev@bro.org
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
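
Added example, not part of the original message or of Bro: one way to cross-check ssl.log against x509.log, separating connections whose ssl.log entry records no certificate chain at all from connections whose chain file IDs have no matching x509.log record. It assumes Bro's default tab-separated ASCII log format and the field names uid and cert_chain_fuids (ssl.log) and id (x509.log); the log excerpts are constructed.

```python
# Added example; the log excerpts below are constructed, not taken from the ticket.
# Assumed field names: ssl.log "uid" and "cert_chain_fuids", x509.log "id".

def row(*cols):
    """Build one tab-separated log line."""
    return "\t".join(cols)

SSL_LOG = "\n".join([
    "#separator \\x09",
    row("#fields", "ts", "uid", "server_name", "cert_chain_fuids"),
    row("1457000001.0", "CaaaA1", "logged.example", "FaaaA1,FbbbB2"),
    row("1457000002.0", "CbbbB2", "nochain.example", "(empty)"),
    row("1457000003.0", "CcccC3", "partial.example", "FcccC3,FdddD4"),
    "#close 2016-03-03-12-00-00",
])
X509_LOG = "\n".join([
    row("#fields", "ts", "id", "certificate.subject"),
    row("1457000001.0", "FaaaA1", "CN=logged.example"),
    row("1457000001.0", "FbbbB2", "CN=Constructed CA"),
    row("1457000003.0", "FcccC3", "CN=partial.example"),
])

def parse_bro_tsv(text):
    """Yield one dict per record, keyed by the names on the #fields header line."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def split_vector(value):
    """Bro writes '-' for unset, '(empty)' for an empty vector, ',' between items."""
    return [] if value in ("", "-", "(empty)") else value.split(",")

def audit(ssl_text, x509_text):
    """Return (uids with no chain recorded, [(uid, fuids absent from x509.log)])."""
    logged = {rec["id"] for rec in parse_bro_tsv(x509_text)}
    no_chain, not_logged = [], []
    for rec in parse_bro_tsv(ssl_text):
        fuids = split_vector(rec.get("cert_chain_fuids", "-"))
        missing = [f for f in fuids if f not in logged]
        if not fuids:
            no_chain.append(rec["uid"])
        elif missing:
            not_logged.append((rec["uid"], missing))
    return no_chain, not_logged

if __name__ == "__main__":
    print(audit(SSL_LOG, X509_LOG))
```

To run it on real logs, pass the contents of ssl.log and x509.log from the same capture window to audit().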
