[Bro] Interesting observation with ssh on non-ssh port
seth at icir.org
Wed Apr 2 13:08:12 PDT 2014
On Apr 2, 2014, at 2:14 PM, James Lay <jlay at slave-tothe-box.net> wrote:
> but there's no trace of it in conn.log. This obviously explains why I
> couldn't get the large outbound transfer scripts working, but now I'm
> curious...is there a reason why this TCP session doesn't show up in
> conn.log? Running bro 2.2...thank you.
Did you close down the connection? Bro doesn't log anything until the connection ends. In scripts though you could use the ConnPolling thing that Jon Siwek mentioned in another thread to monitor the connection in-flight. Typically I don't recommend relying on the log events except for very simple tasks. Doing any sort of in-progress monitoring of connections is almost intrinsically not a simple task.
International Computer Science Institute
(Bro) because everyone has a network
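
The in-flight polling approach mentioned in the reply, sketched as an added example that is not part of the original thread and not code from the Bro project: it uses `ConnPolling::watch` from Bro's base conn scripts to check the originator's byte count while the session is still open, before anything reaches conn.log. The module name, notice type, threshold and poll interval are hypothetical choices.

```bro
@load base/protocols/conn
@load base/frameworks/notice
@load base/utils/site

module LargeOutbound;    # hypothetical module name

export {
	redef enum Notice::Type += {
		## Raised while the connection is still open (hypothetical notice type).
		Large_Outbound_Transfer
	};

	## Assumed values; tune for the monitored network.
	const byte_threshold: count = 100 * 1024 * 1024 &redef;
	const poll_interval: interval = 30sec &redef;
}

# Polling callback: the returned interval schedules the next check,
# a negative interval stops polling this connection.
function check_size(c: connection, cnt: count): interval
	{
	# c$orig$size is the payload byte count sent so far by the originator.
	if ( c$orig$size >= byte_threshold )
		{
		NOTICE([$note=Large_Outbound_Transfer,
		        $conn=c,
		        $msg=fmt("%s has sent %d bytes so far to %s:%s",
		                 c$id$orig_h, c$orig$size,
		                 c$id$resp_h, c$id$resp_p),
		        $identifier=c$uid]);
		return -1sec;
		}

	return poll_interval;
	}

event connection_established(c: connection)
	{
	# Watch only local-to-remote sessions; requires Site::local_nets to be set.
	if ( Site::is_local_addr(c$id$orig_h) && ! Site::is_local_addr(c$id$resp_h) )
		ConnPolling::watch(c, check_size, 0, poll_interval);
	}
```

Because the check keys on byte counts rather than port or detected service, it also covers sessions such as SSH on a non-standard port that stay open for a long time.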