What does the conn log entry look like?
On Wed, Mar 11, 2020 at 6:48 AM william de ping <bill.de.ping(a)gmail.com> wrote:
I've stumbled upon a weird issue using Zeek 3.0.
Parsing traffic that has a file transfer over http using wget does not produce any file
I do see the get_file_handle event were it says ANALYZER::ANALYZER_HTTP but no files.log
is created and extract-all-files.zeek script does not produce the transferred file.
am I missing something here ?
Zeek mailing list