Where to get detect-webapps log file?

Sachinji_Giri · June 21, 2019, 10:50am

Hi there,
I am using zeek in a container with hosts network. My bro/zeek version is following. Bold text are the commands that get executed in the container.

docker run --cap-add=NET_RAW --net=host --rm blacktop/zeek --version

bro version 2.6-255

I ran zeek with detect-webapps bro script from policy. I browsed a couple of phpadmin websites etc but I could not get any logs specific to detect-webapps.

docker run --cap-add=NET_RAW --net=host --rm blacktop/zeek -i ‘enp2s0’ protocols/http/detect-webapps

listening on enp2s0

Richard_Bejtlich · June 21, 2019, 4:10pm

Hello,

I don’t see a http.log. That implies that you may not have seen any HTTP traffic. Can you share a pcap of what you are watching?

Sincerely,

Richard

Sachinji_Giri · June 21, 2019, 4:15pm

Hi, sorry, there is http.log too. It got generated when browsed some of the data.

I am watching the interface with -i.

Sachinji_Giri · June 21, 2019, 4:18pm

*browsed some http websites and then http.log appears. what exactly the detect web apps log look like or it is just a part of http.log?? i really don’t know.

Topic		Replies	Views
Another zeek.http log question Zeek training	2	260	October 9, 2023
Analysing PCAPNG files from Wireshark traffic captured with Zeek or Spicy Zeek	6	1210	April 11, 2023
OS Fingerprinting Zeek	2	279	May 6, 2022
http.log and dns.log missing Zeek	1	95	May 6, 2022
MAC Address In Logs Zeek	9	897	May 6, 2022

Where to get detect-webapps log file?

docker run --cap-add=NET_RAW --net=host --rm blacktop/zeek --version

docker run --cap-add=NET_RAW --net=host --rm blacktop/zeek -i ‘enp2s0’ protocols/http/detect-webapps

Related topics