[Bro] "conn" field not present in connection

Ren, Wenyu wren3 at illinois.edu
Thu Jun 1 15:16:59 PDT 2017

Hi Everyone,

I have a problem using the "conn" field in the connection record. The reference states that "conn" should exist if "base/protocols/conn/main.bro" is loaded. I have it loaded and the "conn.log" is generated. However, the "conn" field is not there. I got the connection record from the new_packet event. Anyone have any idea? Thanks a lot. 


Wenyu Ren
Ph.D. Candidate
Department of Computer Science
University of Illinois at Urbana-Champaign
