[Bro] Newb with a couple questions

James Lay jlay at slave-tothe-box.net
Wed Mar 13 15:24:07 PDT 2013

On 2013-03-13 16:14, anthony kasza wrote:
> Depending on what you are trying to accomplish, you can filter the
> data by protocol after it's been written to the conn.log file with
> bro-cut or awk.
> -Anthony

Hi Anthony,

Ideally the protocols would be dropped before logging.  I already have 
dns and http logging using Bro, so seeing them in the connections log 
seems a tad redundant.  Thanks for the quick response.


More information about the Bro mailing list