[Bro] Basic questions about the use of Bro.
Vern Paxson
vern at icir.org
Sat Apr 5 17:20:38 PDT 2008
> How can I get the output of Bro in normal time and not UNIX time, using cf.
> For example, processing a tcpdump capture file:
There's no general option for this. For any particular value you want to
print from a script, you can use fmt()'s %D or %T format.
> I did not do a complete installation of Bro, I use Bro to analyze my home
> ADSL connections right after the end of the session, so Bro does not report
> to log files in the logs directory, it reports to standard output.
You can "@load weird" to get the "weird" output into a file instead.
> If bro ever needs to report more troublesome events, does it follow
> the same terminology (name) used for the diverse files in the logs
> directory?
I'm not quite sure what you mean, but it will write alarms to stdout if
you haven't done "@load alarm", and the name used is the same in either case.
Vern
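The two points in the reply above (formatting a time value with fmt()'s %D, and @load-ing the standard policies so weird and alarm output go to files) put together in one small policy script. This is an added example, not code from the thread; it assumes the Bro 1.x-era connection_finished event and the standard connection record fields (c$start_time, c$duration, c$id$orig_h, etc.).

```bro
# Added example: render connection start times in human-readable form
# when processing a capture file, e.g.  bro -r capture.pcap times.bro
# Loading these standard policies sends "weird" and alarm output to their
# usual files instead of stdout, as the reply describes.
@load weird
@load alarm

event connection_finished(c: connection)
    {
    # fmt() accepts a Bro "time" value directly:
    #   %D -> date and time, %T -> time of day only.
    local started = fmt("%D", c$start_time);
    local started_tod = fmt("%T", c$start_time);

    # c$duration is an "interval" and prints naturally with %s.
    print fmt("%s (%s) %s:%d -> %s:%d lasted %s",
              started, started_tod,
              c$id$orig_h, c$id$orig_p,
              c$id$resp_h, c$id$resp_p,
              c$duration);
    }
```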