[Bro] Hui Lin_SSH Analyzer
Hui Lin (Hugo)
hlin33 at illinois.edu
Mon Jun 18 07:35:27 PDT 2012
Hi,
In my experiment, I need to use SSH analyzer simply to record a successful
log in. I find that Bro comes with events, heuristic_successful_login,
heuristic_failed_login, in policy file /share/bro/base/protocol/main.bro.
When I test these two events with the default implementation, I find that
the log file always record a failed ssh log in to the system even if I log
in correctly by user/authentication. I want to check when these two events
are called, but I could not find ssh analyzer binpac code.
so I am wondering, how can I correctly record the ssh log in with
user/password authentication and with the user name logged in plain text.
Best,
Hui
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20120618/8c7944c5/attachment.html
More information about the Bro
mailing list