[Bro] Understanding Connection history for ssh.

fatema bannatwala fatema.bannatwala at gmail.com
Mon Oct 10 12:22:21 PDT 2016


Hi James,

Thank you for the answer.
The problem is that, when we contacted the concerned party,
they say that they don't see any login attempts from that IP and
are asking whether we were sure that the ssh logins were successful.
Looking at what we have recorded using Bro, I just wanted to know how one
could tell whether the ssh login resulted in a success/failure just by
looking at the Bro conn.log and ssh.log.
Hence, I wanted to know the heuristics behind setting that 'auth_success'
field to T or F.

Thanks,
Fatema.