[Bro] Logging filter for Bro

Gary Faulkner gfaulkner.nsm at gmail.com
Mon Jul 27 19:52:08 PDT 2015


You could also create a new script and place it under
<path-to-bro>/share/bro/site/ and then add an @load statement to local.bro.

On 7/27/2015 4:11 PM, MILLER, BRAD L wrote:
> Actually.. answered my own question by just adding the code directly to local.bro.  It works!
>
> From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of MILLER, BRAD L
> Sent: Monday, July 27, 2015 4:57 PM
> To: bro at bro.org
> Subject: [Bro] Logging filter for Bro
>
> Sorry for the basic nature of this question but I seem stuck at a simple bro modification.
>
> I intend to write a bro filter that is outlined here:  http://blog.bro.org/2012/02/filtering-logs-with-bro.html (splitting DNS logs), and I have all the parameters I need.  However, I am stuck on the actual execution of where and how to put the filter in place.  While the article is helpful, I am not sure how to implement the logging filter.  Is it just a bro script to be invoked via local.bro?
>
> Brad
>
>
>
>
> Please be aware that if you reply directly to this particular message, your reply may not be secure. Do not use email to send us communications that contain unencrypted confidential information such as passwords, account numbers or Social Security numbers. If you must provide this type of information, please visit comerica.com to submit a secure form using any of the ”Contact Us” forms. In addition, you should not send via email any inquiry or request that may be time sensitive. The information in this e-mail is confidential. It is intended for the individual or entity to whom it is addressed. If you have received this email in error, please destroy or delete the message and advise the sender of the error by return email.
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
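
Added example, not part of the original thread or the linked blog post: a standalone script for the approach described in the reply, placed in the site directory and loaded from local.bro. It assumes Bro 2.x; the file name `dns-split.bro`, the module and filter names, and the split criterion (whether the DNS server is inside `Site::local_nets`) are hypothetical choices for illustration.

```bro
# Save as <path-to-bro>/share/bro/site/dns-split.bro (hypothetical file name),
# then add this line to local.bro:
#
#     @load dns-split
#
# The site directory is on the default BROPATH, so no path prefix is needed.

@load base/protocols/dns
@load base/utils/site

module DNSSplit;

# Path function: called once per DNS log record and returns the name of the
# log file (without extension) that the record is written to.
# Assumed criterion: split on whether the responder (the DNS server) is in
# Site::local_nets. Substitute the parameters from your own filter here.
function split_by_server(id: Log::ID, path: string, rec: DNS::Info): string
    {
    return Site::is_local_addr(rec$id$resp_h) ? "dns_localserver"
                                              : "dns_remoteserver";
    }

event bro_init()
    {
    # Attach the filter to the existing DNS log stream.
    Log::add_filter(DNS::LOG, [$name="dns-split",
                               $path_func=split_by_server]);

    # The default filter still writes the combined dns.log. Uncomment to
    # keep only the two split files.
    # Log::remove_default_filter(DNS::LOG);
    }
```

After editing local.bro, `broctl check` validates the scripts, and `broctl install` followed by `broctl restart` puts the change into effect on a BroControl-managed sensor.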
