[Bro-Dev] [JIRA] (BIT-1444) Connection logging for ESP

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Fri Sep 4 11:44:00 PDT 2015

    [ https://bro-tracker.atlassian.net/browse/BIT-1444?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21960#comment-21960 ] 

Seth Hall commented on BIT-1444:

Let's get some packet captures attached to this ticket.  That going to be the best way to support this.

We will look into supporting a mechanism where we can report how much unsupported traffic is seen until we support the IPSec protocols.

> Connection logging for ESP
> --------------------------
>                 Key: BIT-1444
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1444
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>            Reporter: Jimmy Jones
>            Assignee: Vlad Grigorescu
>            Priority: Low
> I'd like to be able to track ESP (IPSec) connections in conn.log. Although ESP is encrypted, the ability to track volumes and pattern of life etc would be beneficial when doing intrusion analysis.

This message was sent by Atlassian JIRA

More information about the bro-dev mailing list