[Bro] Detecting Local Hosts

William Seemann wseemann at gmail.com
Sun Oct 23 22:57:26 PDT 2011


Can someone tell me if there is an easy way to detect of a connection is 
being made by a local host rather then an external one? For instance, if 
I have a cluster of machines and an instance of Bro running is there any 
easy way to distinguish connections made by these machines vs. external 
ones? Is maintaining a list of local hosts and performing a check (shown 
below) the only way to accomplish this?

if  (c$id$resp_h !in local_hosts)
     do something...



More information about the Bro mailing list