[Bro] Basic questions about the use of Bro.

Luca Renaud renaud.luca at gmail.com
Sat Apr 5 14:43:50 PDT 2008


How can I get the output of Bro in normal time and not UNIX time, using cf?
For example, processing a tcpdump capture file:

/usr/local/bro-1.2/bin/bro -r tcpdumpfile, I get a list of weird events
in UNIX time, and I prefer normal time.

I did not do a complete installation of Bro. I use Bro to analyze my home
ADSL connections right after the end of the session, so Bro does not report
to log files in the logs directory; it reports to standard output.
When I analyze dump files:

/usr/local/bro-1.2/bin/bro -r tcpdumpcapturefile, so far I get a list of
weird events:

...weird: spontaneous_FIN
   ...
...weird: spontaneous_RST
   ...
...weird: window_recision
   ...
...weird: unsolicited_SYN_response

etc., which by itself is not especially troublesome. My question is:
if Bro ever needs to report more troublesome events, does it follow
the same terminology (name) used for the diverse files in the logs
directory?
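As an added illustration of the timestamp question above (this is not code from the post or from the Bro project, and it is not cf itself), the following Python filter does what cf does for Bro's stdout: it rewrites a leading UNIX epoch timestamp on each line into a readable date and time, leaving lines without a timestamp untouched. The sample lines are constructed to resemble the "weird" output shown in the message; the timestamp values are made up.

```python
"""Rewrite leading UNIX epoch timestamps in Bro-style output as readable time.

Usage as a pipe filter (hypothetical file name bro_ts.py):
    bro -r tcpdumpfile | python3 bro_ts.py
"""
import re
import sys
from datetime import datetime, timezone

# Constructed sample lines in the shape of Bro's stdout "weird" output:
# a leading epoch timestamp (seconds, optional fraction) followed by the event.
SAMPLE_LINES = [
    "1207431830.123456 weird: spontaneous_FIN",
    "1207431831.5 weird: spontaneous_RST",
    "1207431832 weird: window_recision",
    "no timestamp on this line",
]

# Matches a 9- or 10-digit epoch timestamp at the start of a line,
# keeping the whitespace separator and the rest of the line intact.
TS_RE = re.compile(r"^(\d{9,10}(?:\.\d+)?)(\s+)(.*)$")


def convert_line(line: str, tz=timezone.utc) -> str:
    """Return the line with its leading epoch timestamp rendered as
    YYYY-MM-DD HH:MM:SS[.fraction] in the given time zone. Lines that do
    not start with a timestamp are returned unchanged, so the filter is
    safe to run over mixed output. The fractional part is copied verbatim
    to preserve Bro's own precision."""
    m = TS_RE.match(line)
    if not m:
        return line
    ts_text, sep, rest = m.groups()
    secs, _, frac = ts_text.partition(".")
    human = datetime.fromtimestamp(int(secs), tz).strftime("%Y-%m-%d %H:%M:%S")
    if frac:
        human += "." + frac
    return f"{human}{sep}{rest}"


def convert_lines(lines, tz=timezone.utc):
    """Convert a sequence of lines; returns a list of rewritten lines."""
    return [convert_line(line.rstrip("\n"), tz) for line in lines]


if __name__ == "__main__":
    # Read Bro output from stdin if it is piped in; otherwise show the samples.
    source = sys.stdin if not sys.stdin.isatty() else SAMPLE_LINES
    for out in convert_lines(source):
        print(out)
```

Times are rendered in UTC by default so the output is reproducible; pass `tz=None` to `convert_line` to use the local time zone instead, which is what cf does.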