Hello,
I need to parse LDAP messages from a pcap. I tried to
search for Bro events for LDAP but I failed, so I was wondering if
there are some and I missed them. If not, how can I code an LDAP
dissector easily so I can use it in events that I have to implement?
Thank you for your help and keep up the good work!
[ https://bro-tracker.atlassian.net/browse/BIT-1502?page=com.atlassian.jira.p… ]
Gavin Spearhead commented on BIT-1502:
--------------------------------------
Adding it seems to give much better results. Thanks.
> X509 doesn't log all certificates
> ---------------------------------
>
> Key: BIT-1502
> URL: https://bro-tracker.atlassian.net/browse/BIT-1502
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: 2.4
> Environment: test setup
> Reporter: Gavin Spearhead
> Assignee: Johanna Amann
> Labels: ssl
> Fix For: 2.5
>
>
> I'm trying to use Bro to log all X509 certificate information for SSL / HTTPS connections. It seems, however, that not all certificates are logged in the x509.log (or in files.log). However, the connections are visible in the ssl.log. The setup is a basic install.
> E.g. https://facebook.com and https://twitter.com are not logged, whereas https://tweakers.net or https://api.twitter.com are logged. Is this a bug or a feature? Any idea how to ensure all the certificates are stored?
--
This message was sent by Atlassian JIRA
(v7.1.0-OD-01-053#71000)
[ https://bro-tracker.atlassian.net/browse/BIT-1502?page=com.atlassian.jira.p… ]
Gavin Spearhead commented on BIT-1502:
--------------------------------------
I guess not. It's started through broctl
bash /opt/bro/share/broctl/scripts/run-bro -1 -i eth0 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto
/opt/bro/bin/bro -i eth0 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto
/opt/bro/bin/bro -i eth0 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto