Seth Hall hall.692 at osu.edu
Fri Sep 12 05:44:19 PDT 2008

On Sep 12, 2008, at 8:33 AM, Jim Bo wrote:

> Is there a way to extract the incoming IP addresses on ports 80 and
> 443 and run the IP addresses through GeoIP.

That's more or less what the script does that I sent to the list.  
(except for port 443).  I guess I just don't know what end result  
you're looking to get.

> Also is there any sort of
> documentation or even books that I can look at / buy that would help
> me with this type of stuff so that I dont have to keep bothering you.

The best current documentation is in the slides and related exercises  
from Bro workshop that took place last summer.

A *little* bit of documentation about the libGeoIP support can be  
found here:

There is also a lot of good material to be found in the manuals:

Hopefully that helps.  Feel free to keep asking questions though.


More information about the Bro mailing list