[Bro] Bro problem - no software.log written
sconzo at visiblerisk.com
Tue Feb 25 00:13:54 PST 2014
Figured it'd have side effects, didn't really matter for my use cases.
However, the ALL_HOSTS setting is useful, and I didn't know that.
On Mon, Feb 24, 2014 at 7:16 AM, Seth Hall <seth at icir.org> wrote:
> On Feb 22, 2014, at 8:59 AM, Mike Sconzo <sconzo at visiblerisk.com> wrote:
>> Make sure to set your Sites::local_net variable. If you set it to
>> 0.0.0.0/0 you should get an entry in software.log for every connection
>> that bro can find qualifying entries for.
> That will have side effects in other areas of Bro. If you want to log all software seen, it's probably better to use...
> redef Software::asset_tracking = ALL_HOSTS;
> Keep in mind though that this will have consequences in memory because it will store all of the seen software in memory.
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
cat ~/.bash_history > documentation.txt