[Bro] Newb with a couple questions
seth at icir.org
Thu Mar 14 06:09:22 PDT 2013
On Mar 14, 2013, at 6:47 AM, MICHAEL WAITE <mfw113 at psu.edu> wrote:
> I would not call the conn log redundant. The http and conn log are very different and have different data in them. Rather they complement each other.
Additionally, the conn log seems to be getting more important over time. I've run into several sites already that aren't maintaining a conn.log, and they might see tunnels being identified on their network (with the tunnel.log), but they don't know if any connections happened over the tunnel because that is indicated in the tunnel log.
International Computer Science Institute
(Bro) because everyone has a network