[Bro] Understanding Connection history for ssh.
fatema.bannatwala at gmail.com
Mon Oct 10 12:22:21 PDT 2016
Thank you for the answer.
The problem is that, when contacted the concerned party,
they say that they don't see any login attempts from that IP and
asking whether we were sure that the ssh login were successful.
Looking at what we have recorded using Bro, I just wanted to know how one
tell whether the ssh login resulted a success/ failure just by looking at
the bro conn.log, and ssh.log.
Hence, wanted to know the heuristics behind setting that 'auth_success'
field to T or F.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro