[Bro] - ICMP not in conn.log
seth at corelight.com
Thu Aug 17 08:57:34 PDT 2017
On 16 Aug 2017, at 8:32, william de ping wrote:
> Does anyone know why ICMP does not appear in conn.log?
> I see that the plugin and ICMP analyzer are loaded, yet no indication in
> conn.log for proto icmp.
We never created a model to include that data. I've had it on my radar
for a while, but unfortunately have not found the time to add it.
I was hoping to figure out a way to include the data in conn.log for
connections where ICMP was seen in relation to a connection (like Time
Exceeded) instead of just having them listed as separate "connections".
Seth Hall * Corelight, Inc * www.corelight.com