[Bro] Detecting Local Hosts
William Seemann
wseemann at gmail.com
Sun Oct 23 22:57:26 PDT 2011
Can someone tell me if there is an easy way to detect of a connection is
being made by a local host rather then an external one? For instance, if
I have a cluster of machines and an instance of Bro running is there any
easy way to distinguish connections made by these machines vs. external
ones? Is maintaining a list of local hosts and performing a check (shown
below) the only way to accomplish this?
if (c$id$resp_h !in local_hosts)
do something...
More information about the Bro
mailing list