[Bro] Telnet log

Vlad Grigorescu vladg at illinois.edu
Fri Apr 22 09:54:47 PDT 2016


There's an older Login analyzer which claims to have support for
Telnet, but I personally haven't used it, so I don't know how well it
would work. I believe that it was pretty thorough; it just hasn't been
used in a while.

The events you're looking for are:


However, as the TODO states, this protocol analyzer does not get
activated in Bro 2.x. A copy of the script that Bro used to use is here,
though it's a mess and would require porting and cleanup:


I might start with something like this, run it against some PCAPs and
then start building a log from there:

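> # Telnet's well-known port.
> const ports = { 23/tcp };
>
> event bro_init() &priority=5
> 	{
> 	# Attach the login analyzer to connections on the Telnet port.
> 	Analyzer::register_for_ports(Analyzer::ANALYZER_LOGIN, ports);
> 	}
>
> # One line of input seen on the session.
> event login_input_line(c: connection, line: string)
> 	{
> 	print "<-", line;
> 	}
>
> # One line of output seen on the session.
> event login_output_line(c: connection, line: string)
> 	{
> 	print "->", line;
> 	}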


john smith <js688886 at gmail.com> writes:

> Hello,
> With 2.4.1, is there any way to generate Telnet logs? Thanks in advance!
> John
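The "start building a log from there" step in the reply above could look like the following. This is an added example, not code from the original post or from the Bro project: the `Telnet` module name, the `Info` record, its `direction` field and the `log_line` helper are all assumptions made for illustration, and the analyzer registration is copied unchanged from the reply.

```bro
module Telnet;

export {
	# Hypothetical log stream ID and record layout (not part of Bro itself).
	redef enum Log::ID += { LOG };

	type Info: record {
		ts:        time    &log;  # time the line was seen
		uid:       string  &log;  # connection UID, for pivoting to conn.log
		id:        conn_id &log;  # 4-tuple of the session
		direction: string  &log;  # "input" or "output", named after the event
		line:      string  &log;  # the line as delivered by the analyzer
	};
}

const ports = { 23/tcp };

event bro_init() &priority=5
	{
	Log::create_stream(Telnet::LOG, [$columns=Info]);
	# Registration exactly as in the reply above.
	Analyzer::register_for_ports(Analyzer::ANALYZER_LOGIN, ports);
	}

# Hypothetical helper: write one record per line reported by the analyzer.
function log_line(c: connection, direction: string, line: string)
	{
	local rec: Info = [$ts=network_time(), $uid=c$uid, $id=c$id,
	                   $direction=direction, $line=line];
	Log::write(Telnet::LOG, rec);
	}

event login_input_line(c: connection, line: string)
	{
	log_line(c, "input", line);
	}

event login_output_line(c: connection, line: string)
	{
	log_line(c, "output", line);
	}
```

Telnet is cleartext, so a log built this way records whatever was typed, passwords included; restrict access to it accordingly.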