Where to get detect-webapps log file?

Sachinji_Giri · June 21, 2019, 10:50am

Hi there,
I am using zeek in a container with hosts network. My bro/zeek version is following. Bold text are the commands that get executed in the container.

docker run --cap-add=NET_RAW --net=host --rm blacktop/zeek --version

bro version 2.6-255

I ran zeek with detect-webapps bro script from policy. I browsed a couple of phpadmin websites etc but I could not get any logs specific to detect-webapps.

docker run --cap-add=NET_RAW --net=host --rm blacktop/zeek -i ‘enp2s0’ protocols/http/detect-webapps

listening on enp2s0

Richard_Bejtlich · June 21, 2019, 4:10pm

Hello,

I don’t see a http.log. That implies that you may not have seen any HTTP traffic. Can you share a pcap of what you are watching?

Sincerely,

Richard

Sachinji_Giri · June 21, 2019, 4:15pm

Hi, sorry, there is http.log too. It got generated when browsed some of the data.

I am watching the interface with -i.

Sachinji_Giri · June 21, 2019, 4:18pm

*browsed some http websites and then http.log appears. what exactly the detect web apps log look like or it is just a part of http.log?? i really don’t know.

Topic		Replies	Views
MAC Address In Logs Zeek	9	584	May 6, 2022
Problem with trace file in Zeek Zeek	2	158	April 17, 2023
Log files Zeek	1	87	May 6, 2022
Running Script in a Cluster Zeek	2	59	May 6, 2022
Zeek install monitoring multiple interfaces, need interface in logs Zeek	3	433	May 6, 2022

Where to get detect-webapps log file?

docker run --cap-add=NET_RAW --net=host --rm blacktop/zeek --version

docker run --cap-add=NET_RAW --net=host --rm blacktop/zeek -i ‘enp2s0’ protocols/http/detect-webapps

Related Topics