[Bro] Bro bug?

Justin Azoff JAzoff at albany.edu
Sun Jan 19 09:09:01 PST 2014

On Sun, Jan 19, 2014 at 04:45:11PM +0000, Kellogg, Brian D (OLN) wrote:
> largeTx.bro alerts on any outgoing Txs over X bytes.  If of sufficient size it sends an email alert.
> I received an email alert saying that transmitted over 1GB of information to  Therefore I went to the FPC directory above to extract this communication to see what it was.  The extracted content was ~3.5MB in size. 

> Message: Orig transmitted 1056737769 bytes to resp.  Duration 0.092641 sec.  Connection UID Cma6473thsxripFj9k.

Can you post the full conn.log entry for this connection? That might help
explain what is going on.

    grep Cma6473thsxripFj9k conn.log

should find the exact entry.

-- Justin Azoff
