Questions about bro policy files
jbabbin at comcast.net
Thu Jun 10 15:19:59 PDT 2004
I am trying to understand the language and examples of creating/editing
policy files. I have a couple of questions.
1) Does anyone in the list know of a good resource to use to better
understand how to create/edit the policy files? Yes, I have also
downloaded the archive for this list as well as the bro manual. But I'm
looking more for something along the lines of a heavily commented policy
file that would explain some of this language.
2) Following up on the previous question. If, for example, I wanted to break
out telnet logging from login.bro in order to record a record of just the
time, src ip, src port, direction, dst ip, dst port, eventually username,
for example, then log that into a telnet connection log. I'm not really
seeing this in the manual or in the other policy files.
Any help would be appreciated.
Thank you in advance,