[Bro] Hui Lin_what policy is included into Bro by default

Hui Lin (Hugo) hlin33 at illinois.edu
Mon Feb 13 07:10:10 PST 2012


I think I post similar questions before to ask disable default log option.

Now, I am wondering what logs under which bro installation directories are
enabled by default. I am little confused on the Bro 2.0 policy script
hierarchy (so perhaps we should include this description in the

For example, I find a ssh bro policy under base/protocols/ssh and
policy/protocols/ssh. I guess the "base" one is for basic ssh event while
the "policy" one include some detection rules, such as bruteforce attacks.
If I want to use them, do I have to include them, or they are already been
included by default?



Hui Lin
Research Assistant
DEPEND Research Group, ECE Department
University of Illinois at Urbana-Champaign
hlin33 at illinois.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20120213/ebda82ac/attachment.html 

More information about the Bro mailing list