[Bro-Dev] Adding a LOCAL option to the Direction type?

Vlad Grigorescu vlad at grigorescu.org
Thu Aug 28 16:16:44 PDT 2014


The Direction type (defined in base/utils/directions-and-hosts.bro)
currently has directions for:

 - remote orig, local resp
 - local orig, remote resp
 - bidirectional ("Only one endpoint is within the locally-monitored
network, meaning the connection is either outbound or inbound.")
 - no_direction ("This value doesn't match any connection.")

Does it make sense to add LOCAL == local orig, local resp? Similarly, do we
want to add EXTERNAL == remote orig, remote resp?

I'm looking at this for the SSH log in particular.

  --Vlad
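
The gap the post describes, as an added example that is not part of the original message and not Bro's own code: a Python model of direction matching, showing that a local-to-local or remote-to-remote connection matches none of the existing values. The `LOCAL` and `EXTERNAL` members follow the post's proposal; the network ranges, sample endpoints, and function names are constructed assumptions.

```python
import ipaddress
from enum import Enum, auto

# Constructed sample: networks treated as locally monitored (assumption).
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "192.168.0.0/16")]

class Direction(Enum):
    INBOUND = auto()        # remote orig, local resp
    OUTBOUND = auto()       # local orig, remote resp
    BIDIRECTIONAL = auto()  # exactly one endpoint is local
    NO_DIRECTION = auto()   # never matches
    LOCAL = auto()          # proposed in the post: local orig, local resp
    EXTERNAL = auto()       # proposed in the post: remote orig, remote resp

PROPOSED = {Direction.LOCAL, Direction.EXTERNAL}

def is_local(addr):
    """True if addr falls inside any locally monitored network."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in LOCAL_NETS)

def matches(orig, resp, d):
    """Does the (orig, resp) pair match direction d?"""
    o, r = is_local(orig), is_local(resp)
    rules = {
        Direction.INBOUND: (not o) and r,
        Direction.OUTBOUND: o and (not r),
        Direction.BIDIRECTIONAL: o != r,
        Direction.NO_DIRECTION: False,
        Direction.LOCAL: o and r,
        Direction.EXTERNAL: (not o) and (not r),
    }
    return rules[d]

def matching_directions(orig, resp, include_proposed):
    """Names of every direction the pair matches, in enum order."""
    return [d.name for d in Direction
            if (include_proposed or d not in PROPOSED) and matches(orig, resp, d)]

# Constructed SSH endpoints (orig, resp); not taken from any real log.
SAMPLES = [("10.1.1.5", "10.2.2.9"), ("203.0.113.7", "10.1.1.5"),
           ("10.1.1.5", "198.51.100.2"), ("203.0.113.7", "198.51.100.2")]

if __name__ == "__main__":
    for orig, resp in SAMPLES:
        print(orig, "->", resp,
              "| current:", matching_directions(orig, resp, False),
              "| with proposal:", matching_directions(orig, resp, True))
```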