Smtp.log missing x-originating-ip

James_inthe_box · January 19, 2016, 6:12pm

Topic says it...after a digging into this it appears my smtp.log is missing all x-originating-ip:

[18:11:06 ids:~/current$] head -n 40 smtp.log | bro-cut -d ts x_originating_ip
2016-01-18T23:58:31+0000 -
2016-01-18T23:58:34+0000 -
2016-01-18T23:58:32+0000 -
2016-01-18T23:58:35+0000 -
2016-01-18T23:58:39+0000 -
2016-01-18T23:58:46+0000 -
2016-01-18T23:58:52+0000 -
2016-01-18T23:59:02+0000 -
2016-01-18T23:59:04+0000 -

I can see the field in full packet captures. Any hints on what I'm missing? Thank you.

James

Seth_Hall3 · January 19, 2016, 8:53pm

Could you privately send along a couple of headers that it's messing up?

.Seth

Topic		Replies	Views
smtp.log field Zeek	1	78	May 6, 2022
Quick smtp-url-extraction question Zeek	13	113	May 6, 2022
question & meta-question regarding "path" field in smtp.log Development development	6	90	May 6, 2022
Blank HTTP logs Zeek	3	137	May 6, 2022
Bro 2.4.1 and issue with smtp-embedded-url-bloom.bro Zeek	6	67	May 6, 2022

Smtp.log missing x-originating-ip

Related topics