[Bro] Hui Lin_SSH Analyzer

Hui Lin (Hugo) hlin33 at illinois.edu
Mon Jun 18 07:35:27 PDT 2012


In my experiment, I need to use SSH analyzer simply to record a successful
log in. I find that Bro comes with events, heuristic_successful_login,
heuristic_failed_login, in policy file /share/bro/base/protocol/main.bro.

When I test these two events with the default implementation, I find that
the log file always record a failed ssh log in to the system even if I log
in correctly by user/authentication. I want to check when these two events
are called, but I could not find ssh analyzer binpac code.

so I am wondering, how can I correctly record the ssh log in with
user/password authentication and with the user name logged in plain text.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20120618/8c7944c5/attachment.html 

More information about the Bro mailing list