I am using the Security Onion image 16.04.5.6. I am new to Bro and, according to this, in the current folder I should be able to find the http.logs file. However, I only see:
loaded_scripts.log reporter.log stderr.log
packet_filter.log stats.log stdout.log
I have found in the FAQ here that when I use Bro as a command-line utility and provide the -C parameter, I am able to see the http.log.
But when I use BroCtl the http.log is missing. I have tried to change
redef ignore_checksums = T;
but this option is missing in my local.bro file.
And the last FAQ solution seems to be working:
sudo ethtool --offload enp0s3 rx off tx off
Cannot get device udp-fragmentation-offload settings: Operation not supported
Cannot get device udp-fragmentation-offload settings: Operation not supported
Actual changes:
tx-checksumming: off
tx-checksum-ip-generic: off
tcp-segmentation-offload: off
tx-tcp-segmentation: off [requested on]
However, in my current folder I cannot find http.log.
Any ideas what I can do now or what I am missing?