How do you configure an option in ./base/ in site/local.bro? For example “base/protocols/ftp/info.bro:11: option default_capture_password = F;” would like that to be set to T but don’t want to change it in a ./base/ file.
I see FTP traffic in connection log but there is no ftp.log generated. Must this be turned on.
Lastly (and sneaky third question), I am extracting all files types. I can extract the file via HTTP but am unable to extract the same over FTP. Must this be turned on for FTP and IRC?
1) How do you configure an option in ./base/ in site/local.bro? For example
"base/protocols/ftp/info.bro:11: option default_capture_password = F;"
would like that to be set to T but don't want to change it in a ./base/
file.
You have two options since you seem to be using 2.6. You can use the old "redef" style in local.bro like this...
2) I see FTP traffic in connection log but there is no ftp.log generated.
Must this be turned on.
Hm, no. It should be turned on by default. Feel free to paste a conn log line where you'd expect to see an FTP log but don't.
3) Lastly (and sneaky third question), I am extracting all files types. I
can extract the file via HTTP but am unable to extract the same over FTP.
Must this be turned on for FTP and IRC?
How are you doing the extraction for HTTP? If you'd coming at it from the Files framework then it's a very easy change. (there are several ways you could approach it)