[Bro] Newb with a couple questions

Ron Jenkins rjenkins at rmjconsulting.net
Thu Mar 14 06:21:26 PDT 2013


Is the tunnel log on by default?


Ron Jenkins (SnortCP,VCP 3 / 4,MCNE,CNE6,MCPS,MCNPS,CCNA)
RMJ Consulting, LLC.
"Bringing Companies and Solutions Together"
Owner / Senior Architect
Physical Address
11715 Bricksome Ave STE B-7
Baton Rouge, LA 70816
Mail Address
7575 Jefferson Hwy #103
Baton Rouge, LA 70806
Office. 225-448-5214
Fax. 225-448-5324
Cell. 225-931-1632
Email. rjenkins at rmjconsulting.net
Web. http://www.rmjconsulting.net<http://www.rmjconsulting.net/>

On Mar 14, 2013, at 8:19 AM, "Seth Hall" <seth at icir.org> wrote:

> On Mar 14, 2013, at 6:47 AM, MICHAEL WAITE <mfw113 at psu.edu> wrote:
>> I would not call the conn log redundant. The http and conn log are very different and have different data in them. Rather they complement each other.
> Additionally, the conn log seems to be getting more important over time.  I've run into several sites already that aren't maintaining a conn.log and they might see tunnels being identified on their network (with the tunnel.log) but they don't know if any connections happened over the tunnel because that is indicated in the tunnel log.
>  .Seth
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list