[Bro] Hui Lin_SSH Analyzer
Hui Lin (Hugo)
hlin33 at illinois.edu
Mon Jun 18 07:35:27 PDT 2012
In my experiment, I need to use SSH analyzer simply to record a successful
log in. I find that Bro comes with events, heuristic_successful_login,
heuristic_failed_login, in policy file /share/bro/base/protocol/main.bro.
When I test these two events with the default implementation, I find that
the log file always record a failed ssh log in to the system even if I log
in correctly by user/authentication. I want to check when these two events
are called, but I could not find ssh analyzer binpac code.
so I am wondering, how can I correctly record the ssh log in with
user/password authentication and with the user name logged in plain text.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro