SMB::write_cmd_log not documented

Description

Using Bro 2.5, the smb_cmd.log will only be produced if SMB::write_cmd_log is redefined to true, but this doesn't seem to be reflected anywhere in the documentation. Documenting this would make for a better user experience.

Environment

None

Activity

Brian Waskiewicz
April 28, 2017, 4:13 AM

Ideally it would be included in the documentation of the smb_cmd.log as well.

Johanna Amann
April 28, 2017, 4:21 AM

Do you know an appropriate place in the documentation where that would fit? Would just adding a (disabled by default) in https://www.bro.org/sphinx/script-reference/log-files.html be enough?

Brian Waskiewicz
April 28, 2017, 4:25 AM

(disabled by default, see SMB::write_cmd_log to enable) sounds good

Johanna Amann
April 28, 2017, 4:27 AM

I might just try starting out with (disabled by default) to not break the table formatting, but make it a link, to see how that looks, if that works for you too.

Seth Hall
July 13, 2017, 12:41 AM

I think that we should actually turn the SMB cmd log into a policy script. It was never intended to be a user-oriented log and we certainly went in a weird direction with it by having it disabled the way that it is.

This could be a nice change alongside the change to move all of the SMB scripts into base/ and enable them by default.

Fixed

Assignee

Jon Siwek

Reporter

Brian Waskiewicz

Labels

None

External issue ID

None

Components

Fix versions

Affects versions

Priority

Normal