[Bro] "conn" field not present in connection

Ren, Wenyu wren3 at illinois.edu
Thu Jun 1 15:16:59 PDT 2017


Hi Everyone,

I have a problem using the "conn" field in the connection record. The reference states that "conn" should exist if "base/protocols/conn/main.bro" is loaded. I have it loaded and the "conn.log" is generated. However, the "conn" field is not there. I got the connection record from the new_packet event. Anyone have any idea? Thanks a lot. 

Best,
Wenyu


Wenyu Ren
Ph.D. Candidate
Department of Computer Science
University of Illinois at Urbana-Champaign



More information about the Bro mailing list