[Bro] http analyzer
Robin Sommer
robin at icir.org
Tue Aug 4 11:25:17 PDT 2009
On Mon, Aug 03, 2009 at 17:50 -0700, you wrote:
> I am trying to run bro with http.bro policy file against a pcap file.
You need http-request and http-reply (and potentially some more of
the other http-*). The HTTP analysis is split across a set of
scripts and while http.bro implements parts of that, it itself does
not activate the analysis.
Robin
--
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the Bro
mailing list