[Bro] Newb with a couple questions

Ron Jenkins rjenkins at rmjconsulting.net
Thu Mar 14 03:54:59 PDT 2013


No such thing as too much logging. 

Ron Jenkins (SnortCP,VCP 3 / 4,MCNE,MCPS,MCNPS,CCNA)
RMJ Consulting, LLC.
"Bringing Companies and Solutions Together"
Owner / Senior Architect
Physical Address
11715 Bricksome Ave STE B-7
Baton Rouge, LA 70816
Mail Address
7575 Jefferson Hwy #103
Baton Rouge, LA 70806
Toll. 855-448-5214
Direct. 225-448-5214
Fax. 225-448-5324
Cell. 225-931-1632
Email. rjenkins at rmjconsulting.net
Web. http://www.rmjconsulting.net
http://www.linkedin.com/in/ronmjenkins

On Mar 14, 2013, at 5:50 AM, "MICHAEL WAITE" <mfw113 at psu.edu> wrote:

> I would not call the conn log redundant. The http and conn log are very different and have different data in them. Rather they complement each other. 
> 
> -Mike
> 
> On Mar 13, 2013, at 18:31, James Lay <jlay at slave-tothe-box.net> wrote:
> 
>> On 2013-03-13 16:14, anthony kasza wrote:
>>> Depending on what you are trying to accomplish, you can filter the
>>> data by protocol after it's been written to the conn.log file with
>>> bro-cut or awk.
>>> 
>>> -Anthony
>> 
>> Hi Anthony,
>> 
>> Ideally the protocols would be dropped before logging.  I already have 
>> dns and http logging using Bro, so seeing them in the connections log 
>> seems a tad redundant.  Thanks for the quick response.
>> 
>> James
>> 
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

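Anthony's suggestion in the quoted thread, filtering conn.log by protocol after it has been written, sketched with awk as an added example (not code from any of the posters or from the Bro project). The function names `filter_conn` and `sample_conn_log`, the shortened field list and the sample rows are constructed for illustration.

```shell
#!/bin/sh
# Drop conn.log rows whose "service" column matches a comma-separated list.
# The column position is read from the log's own "#fields" header instead of
# being hard-coded, so the filter keeps working if the field set changes.
filter_conn() {
    awk -F '\t' -v drop="$1" '
        BEGIN { n = split(drop, d, ","); for (i = 1; i <= n; i++) skip[d[i]] = 1 }
        # "#fields" is itself the first tab-separated token on the header
        # line, so data column = header position - 1.
        /^#fields/ { for (i = 2; i <= NF; i++) if ($i == "service") col = i - 1 }
        /^#/ { print; next }                 # keep every header line
        col && ($col in skip) { next }       # drop rows for listed services
        { print }                            # keep the rest, including "-"
        END {
            # Without a usable header nothing is dropped: the filter passes
            # data through rather than guessing a column and losing records.
            if (!col) print "filter_conn: no service column found, nothing filtered" > "/dev/stderr"
        }
    '
}

# Constructed sample in Bro TSV layout (reduced field list, made-up rows).
sample_conn_log() {
    printf '#separator \\x09\n'
    printf '#path\tconn\n'
    printf '#fields\tts\tuid\tid.orig_h\tid.resp_h\tid.resp_p\tproto\tservice\n'
    printf '1363215000.10\tCa1\t192.0.2.10\t198.51.100.1\t53\tudp\tdns\n'
    printf '1363215001.20\tCa2\t192.0.2.10\t198.51.100.2\t80\ttcp\thttp\n'
    printf '1363215002.30\tCa3\t192.0.2.11\t198.51.100.3\t22\ttcp\tssh\n'
    printf '1363215003.40\tCa4\t192.0.2.12\t198.51.100.4\t4444\ttcp\t-\n'
    printf '1363215004.50\tCa5\t192.0.2.11\t198.51.100.1\t53\tudp\tdns\n'
}

# Stand-alone run: the dns and http rows are dropped, while the ssh row and the
# row with an unidentified service ("-") remain.
sample_conn_log | filter_conn "dns,http"
```

The rows that survive are the connections with no dns.log or http.log entry of their own, which is the data only conn.log holds.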