[Bro] Bro problem - no software.log written
seth at icir.org
Mon Feb 24 05:16:29 PST 2014
On Feb 22, 2014, at 8:59 AM, Mike Sconzo <sconzo at visiblerisk.com> wrote:
> Make sure to set your Sites::local_net variable. If you set it to
> 0.0.0.0/0 you should get an entry in software.log for every connection
> that bro can find qualifying entries for.
That will have side effects in other areas of Bro. If you want to log all software seen, it's probably better to use…
redef Software::asset_tracking = ALL_HOSTS;
Keep in mind though that this will have consequences in memory because it will store all of the seen software in memory.
International Computer Science Institute
(Bro) because everyone has a network
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140224/e374ce75/attachment.bin
More information about the Bro