[Bro] Newb with a couple questions

MICHAEL WAITE mfw113 at psu.edu
Thu Mar 14 03:47:58 PDT 2013

I would not call the conn log redundant. The http and conn logs are very different and have different data in them. Rather, they complement each other.


On Mar 13, 2013, at 18:31, James Lay <jlay at slave-tothe-box.net> wrote:

> On 2013-03-13 16:14, anthony kasza wrote:
>> Depending on what you are trying to accomplish, you can filter the
>> data by protocol after it's been written to the conn.log file with
>> bro-cut or awk.
>> -Anthony
> Hi Anthony,
> Ideally the protocols would be dropped before logging.  I already have 
> dns and http logging using Bro, so seeing them in the connections log 
> seems a tad redundant.  Thanks for the quick response.
> James
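The post-logging filter suggested in the thread, as an added example that is not part of the original messages: it finds the `service` column by name from the `#fields` header and drops rows for protocols that already have their own log, leaving conn.log itself untouched. The function names and the sample log are constructed for illustration; it assumes the default tab-separated ASCII log format and a single service name per row.

```shell
#!/bin/sh
# Added example: drop conn.log rows whose service already has its own
# protocol log (dns.log, http.log), keeping the '#' header lines.

# filter_conn SERVICES  (SERVICES is a comma-separated list, e.g. "dns,http")
# Reads a Bro TSV conn.log on stdin, writes the filtered log to stdout.
filter_conn() {
    awk -F '\t' -v drop="$1" '
        BEGIN { n = split(drop, names, ","); for (i = 1; i <= n; i++) skip[names[i]] = 1 }
        # "#fields" names every column; locate "service" by name rather
        # than hard-coding its position ($1 of that line is the tag itself).
        /^#fields/ { for (i = 2; i <= NF; i++) if ($i == "service") col = i - 1 }
        /^#/ { print; next }              # keep all header lines
        col && ($col in skip) { next }    # drop rows for listed services
        { print }                         # keep everything else, including "-"
    '
}

# Constructed sample input (documentation addresses, made-up uids).
sample_conn_log() {
    printf '#separator \\x09\n'
    printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\n'
    printf '1363171500.10\tCaaa1\t192.0.2.10\t51000\t198.51.100.1\t53\tudp\tdns\t0.01\n'
    printf '1363171501.20\tCaaa2\t192.0.2.10\t51001\t198.51.100.2\t80\ttcp\thttp\t1.50\n'
    printf '1363171502.30\tCaaa3\t192.0.2.11\t51002\t198.51.100.3\t22\ttcp\tssh\t30.00\n'
    printf '1363171503.40\tCaaa4\t192.0.2.12\t51003\t198.51.100.4\t8443\ttcp\t-\t4.20\n'
}

sample_conn_log | filter_conn "dns,http"
```

Because the header lines are preserved, the filtered output can still be piped to `bro-cut`.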
