[Bro] forwarding Facebook inquiry

Dopheide, Jeannette M jdopheid at illinois.edu
Sun Mar 15 16:25:04 PDT 2015


Hello Bro Community,

I'm forwarding along a Facebook post our page received:

Can some one help me how to split connection from internal and external in a separate log even i dont want the traffic from out side to the inside?

Find bellow the script im using: i have been looking for someone to help me for a month now its for educational purposes
 -----------------------------------------
global mime_to_ext: table[string] of string = {
 ["text/plain"] = "txt",
["text/html"] = "html",
["application/pdf"] = "pdf",
["application/x-pdf"] = "pdf",
["application/acrobat"] = "pdf",
["applications/vnd.pdf"] = "pdf",
["text/pdf"] = "pdf",
["text/x-pdf"] = "pdf",
};
global sn_pro: table[string] of string = {
["SMTP"] = "SMTP",
["HTTP"] = "HTTP",
};
event file_new(f: fa_file) {
#if ( f$source !in ssl_ports )
if ( f$source !in sn_pro ) return;
if ( ! f?$mime_type ) return;
if ( f$mime_type !in mime_to_ext ) return;
local fname = fmt("%s-%s.%s", f$source, f$id, mime_to_ext[f$mime_type]);
print fmt("Extracting file %s", fname); Files::add_analyzer(f, Files::ANALYZER_EXTRACT, [$extract_filename=fname]);
}

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150315/515b2504/attachment.html 


More information about the Bro mailing list