[Bro] nfs analysis

Christian Kreibich christian at whoop.org
Sat Sep 22 14:50:02 PDT 2007


On Fri, 2007-09-21 at 17:25 -0700, Mike Wood wrote:
> Quick question: is the documentation regarding NFS on the Bro-wiki accurate?
> 
> "Deficiency: Bro's notion of NFS is currently confined to just
> knowledge of the existence of these services. It does not analyze the
> particulars of different NFS operations."
> 
> I am trying to extract some NFS file access events from a trace and
> cannot seem to get the nfs_request_* nfs_attempt_* event handlers to
> trigger. Should I be able to?

Hey Mike! I believe the documentation is once again misleading. :( Do
you get nothing at all when you load nfs.bro?

Cheers,
Christian
-- 
________________________________________________________________________
                                           http://www.icir.org/christian
                                                    http://www.whoop.org



