Questions about bro policy files

jbabbin jbabbin at comcast.net
Thu Jun 10 15:19:59 PDT 2004


List:
I am trying to understand the language and examples of creating/editing
policy files. I have a couple of questions.
1) Does anyone on the list know of a good resource to use to better
understand how to create/edit the policy files? Yes, I have also
downloaded the archive for this list as well as the bro manual. But I'm
looking more for something along the lines of a heavily commented policy
file that would explain some of this language.
2) Following up on the previous question. If, for example, I wanted to break
out telnet logging from login.bro in order to record a record of just the
connection:
time, src ip, src port, direction, dst ip, dst port, eventually username
For example, then log that into a telnet connection log. I'm not really
seeing this in the manual or in the other policy files.

Any help would be appreciated.

Thank you in advance,
Jake Babbin




