Where to get detect-webapps log file?

Hi there,
I am using zeek in a container with hosts network. My bro/zeek version is following. Bold text are the commands that get executed in the container.

docker run --cap-add=NET_RAW --net=host --rm blacktop/zeek --version

bro version 2.6-255

I ran zeek with detect-webapps bro script from policy. I browsed a couple of phpadmin websites etc but I could not get any logs specific to detect-webapps.

docker run --cap-add=NET_RAW --net=host --rm blacktop/zeek -i ‘enp2s0’ protocols/http/detect-webapps

listening on enp2s0


I don’t see a http.log. That implies that you may not have seen any HTTP traffic. Can you share a pcap of what you are watching?



Hi, sorry, there is http.log too. It got generated when browsed some of the data.

I am watching the interface with -i.

*browsed some http websites and then http.log appears. what exactly the detect web apps log look like or it is just a part of http.log?? i really don’t know.