[Bro] Basic Question

Seth Hall seth at icir.org
Thu Dec 6 06:51:31 PST 2012


On Dec 6, 2012, at 12:55 AM, Justin Thomas <justin at justinthomas.name> wrote:

> @event
> def ssl_conn_attempt(connection, version, ciphers):

Where did you get this event from?  That is an old event that was removed prior to the 2.0 release.  You can refer to the following link for all of our current (2.1 release) analyzer-generated events:
	http://bro-ids.org/documentation/scripts/base/event.bif.html

Are you running Bro with BroControl in standalone mode too?  If you run a cluster and you only connect to your manager you won't see these events either because the protocol events aren't being generated on the manager.  It looks like you're doing the right things in your Python script though.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/




