files.log filename column is blank

Hi,

I notice there is a filename column in the file.log but it is always empty whether I am doing HTTP transfer or FTP transfer in the network.

Why is this the case?

Also when files are transferred over FTP do they show up in the files.log? Because I transferred some files over FTP but even though ftp.log is generated, there is no corresponding entry in files.log

What am I doing wrong?

Regards

Vikram

Hi Vikram,

> I notice there is a filename column in the file.log but it is always empty whether I am doing HTTP transfer or FTP transfer in the network.

I am just going to refer back to a previous answer of this question:
http://mailman.icsi.berkeley.edu/pipermail/bro/2014-April/006893.html

(Short answer: because we don't have a reliable filename).

> Also when files are transferred over FTP do they show up in the files.log? Because I transferred some files over FTP but even though ftp.log is generated, there is no corresponding entry in files.log

No, I think they don't. If I remember it correctly this is due to the fact
that FTP uses separate connections for transferring the data, which (when
using clustering) will probably be handled by a different Bro worker than
the one handling the original connection; the other worker has no idea
that this is an FTP data connection.

I hope this helps,
Johanna
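
To see how both symptoms from this thread look in a given files.log, the following added example (not part of the original messages and not Bro project code) reads a log in Bro's default TSV layout and reports, per `source`, how many records exist and how many have a filename set. The sample log is constructed and carries only a subset of the real columns; the function names are hypothetical.

```python
import io
from collections import defaultdict

# Constructed sample in Bro's default TSV log layout (not real traffic).
# Only a subset of the files.log columns is included.
SAMPLE_FILES_LOG = (
    "#separator \\x09\n"
    "#unset_field\t-\n"
    "#path\tfiles\n"
    "#fields\tts\tfuid\tsource\tmime_type\tfilename\n"
    "#types\ttime\tstring\tstring\tstring\tstring\n"
    "1400000000.000000\tFaaaaaa1\tHTTP\ttext/html\t-\n"
    "1400000001.000000\tFaaaaaa2\tHTTP\tapplication/pdf\treport.pdf\n"
    "1400000002.000000\tFaaaaaa3\tHTTP\timage/png\t-\n"
)

def read_bro_log(stream):
    """Yield one dict per record; unset fields become None."""
    fields, unset = [], "-"
    for line in stream:
        line = line.rstrip("\n")
        if line.startswith("#"):
            # Header lines look like "#key<TAB>value..."
            key, _, rest = line[1:].partition("\t")
            if key == "fields":
                fields = rest.split("\t")
            elif key == "unset_field":
                unset = rest
            continue
        if line:
            values = line.split("\t")
            yield {f: (None if v == unset else v)
                   for f, v in zip(fields, values)}

def filename_coverage(records):
    """Map each source to (total records, records with a filename)."""
    stats = defaultdict(lambda: [0, 0])
    for rec in records:
        entry = stats[rec.get("source") or "unknown"]
        entry[0] += 1
        entry[1] += rec.get("filename") is not None
    return {src: tuple(counts) for src, counts in stats.items()}

if __name__ == "__main__":
    coverage = filename_coverage(read_bro_log(io.StringIO(SAMPLE_FILES_LOG)))
    for src, (total, named) in sorted(coverage.items()):
        print(f"{src}: {named}/{total} records have a filename")
    if "FTP_DATA" not in coverage:
        print("no FTP_DATA records: FTP data connections were not logged")
```

To run it against a real log, pass an open file object to `read_bro_log` instead of the `io.StringIO` sample.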