I installed the critical-stack agent.
I pulled the feeds and the master file was created successfully.
But when I try to test it and connect to a forbidden address, I'm not getting the log in intel.log like I should.
Actually, there is no file "intel.log".
What am I missing?
I was following this article: https://intel.criticalstack.com/client/0-4-x/usage

I can't read their article because it needs a login. That being said -
assuming you follow steps similar to
https://www.bro.org/sphinx-git/frameworks/intel.html, especially the redef
Intel::read_files part, data should be read in by Bro and the intel.log
should get generated.
If it does not, check if you have a reporter.log that complains about
issues reading the file.
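
Added example, not part of either post and not Bro or Critical Stack code: a small Python check that approximates what can go wrong when the file named in `Intel::read_files` is read, and whether the address used for the test is in it at all. It assumes the standard tab-separated intel file layout with a `#fields` header; the function names and the sample feed are constructed for illustration.

```python
import ipaddress

# Columns the Intel framework needs in every intel file.
REQUIRED = ("indicator", "indicator_type", "meta.source")

# Constructed sample feed: line 3 uses spaces instead of tabs.
SAMPLE = (
    "#fields\tindicator\tindicator_type\tmeta.source\n"
    "192.0.2.10\tIntel::ADDR\texample-feed\n"
    "192.0.2.11    Intel::ADDR    example-feed\n"
    "bad.example.test\tIntel::DOMAIN\texample-feed\n"
)

def check_intel_file(text):
    """Return (items, problems) for the text of a Bro intel file."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("#fields\t"):
        return [], ["line 1: missing tab-separated #fields header"]
    fields = lines[0].split("\t")[1:]
    problems = ["header: missing column " + c for c in REQUIRED if c not in fields]
    if problems:
        return [], problems
    items = []
    for n, line in enumerate(lines[1:], start=2):
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no indicator
        cols = line.split("\t")
        if len(cols) != len(fields):
            problems.append("line %d: %d columns, header has %d" % (n, len(cols), len(fields)))
            continue
        row = dict(zip(fields, cols))
        if row["indicator_type"] == "Intel::ADDR":
            try:
                ipaddress.ip_address(row["indicator"])
            except ValueError:
                problems.append("line %d: not an IP address" % n)
                continue
        items.append((row["indicator"], row["indicator_type"]))
    return items, problems

def would_match(items, address):
    """True if the test address is loaded as an Intel::ADDR indicator."""
    return (address, "Intel::ADDR") in items

if __name__ == "__main__":
    items, problems = check_intel_file(SAMPLE)
    print(problems, would_match(items, "192.0.2.10"))
```

Bro only writes intel.log once a loaded indicator is actually seen in traffic, so a clean file that does not contain the tested address produces no log either.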