[Bro] Newb with a couple questions
rjenkins at rmjconsulting.net
Thu Mar 14 06:21:26 PDT 2013
Is the tunnel log on by default?
Ron Jenkins (SnortCP,VCP 3 / 4,MCNE,CNE6,MCPS,MCNPS,CCNA)
RMJ Consulting, LLC.
"Bringing Companies and Solutions Together"
Owner / Senior Architect
11715 Bricksome Ave STE B-7
Baton Rouge, LA 70816
7575 Jefferson Hwy #103
Baton Rouge, LA 70806
Email. rjenkins at rmjconsulting.net
On Mar 14, 2013, at 8:19 AM, "Seth Hall" <seth at icir.org> wrote:
> On Mar 14, 2013, at 6:47 AM, MICHAEL WAITE <mfw113 at psu.edu> wrote:
>> I would not call the conn log redundant. The http and conn log are very different and have different data in them. Rather they complement each other.
> Additionally, the conn log seems to be getting more important over time. I've run into several sites already that aren't maintaining a conn.log and they might see tunnels being identified on their network (with the tunnel.log) but they don't know if any connections happened over the tunnel because that is indicated in the tunnel log.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network