[Bro] SSH logging
Jean-Philippe Luiggi
jp.luiggi at free.fr
Thu Feb 8 16:03:19 PST 2007
Hello Brian,
Just check "brolite.bro" (<bro_dir>/policy)
====
## Dynamic Protocol Detection configuration
#
# This is off by default, as it requires a more powerful Bro host.
# Uncomment next line to activate.
const use_dpd = T;
@ifdef ( use_dpd )
@load dpd
@load irc-bot
@load dyn-disable
@load detect-protocols
@load detect-protocols-http
@load proxy
@load ssh
====
If you uncomment the "const use_dpd = T;" line, you'll get ssh activated.
Best regards.
On Wed, Feb 07, 2007 at 01:42:29PM +0100, Brian Scott wrote:
> Hi all,
>
> we were trying to log all SSH connections going to one of our test
> computers.
>
> Even though they appear in the conn log, it does not even create a ssh log.
> Do we need to activate this module at a certain place?
>
>
> Brian
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list