[Bro] Hui Lin_Enable Protocol Analyzer in Bro bare mode

Siwek, Jonathan Luke jsiwek at illinois.edu
Mon Jun 25 14:19:26 PDT 2012


> I also like to use a Syslog analyzer to analyze syslog_message event. I define syslog_message event in my own script, but this event handler is not executed under bare mode? I am wondering what scripts should be loaded to enable Syslog analyzer.

You could "@load base/protocols/syslog" to enable the analyzer at least for UDP port 514 traffic.  Or you could just "redef dpd_config" like base/protocols/syslog/main.bro does for the ports you need.  Not sure if a DPD signature could/should be added for syslog so that would not be necessary; Seth would probably have an idea.

    Jon
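A bare-mode script that does what the reply describes, added here as an example and not taken from the thread or from the Bro distribution. It assumes Bro 2.x names (the dpd_config table and the ANALYZER_SYSLOG_BINPAC tag, as used by base/protocols/syslog/main.bro of that era), and the module name, port constant and handler body are invented for illustration.

```bro
##! Example script for "bro -b": registers the syslog analyzer itself and
##! handles syslog_message. Assumes Bro 2.x naming (ANALYZER_SYSLOG_BINPAC,
##! dpd_config); compare with your base/protocols/syslog/main.bro.

module MySyslog;

export {
	## Ports the syslog analyzer is attached to. Redef this if your
	## collectors listen elsewhere (hypothetical constant, not a Bro built-in).
	const syslog_ports = { 514/udp } &redef;
}

# In bare mode nothing registers the analyzer for us, so map it to the
# ports explicitly, the same way base/protocols/syslog/main.bro does.
redef dpd_config += { [ANALYZER_SYSLOG_BINPAC] = [$ports = syslog_ports] };

# Fires once per parsed syslog message. The priority is illustrative; it
# only matters relative to other handlers for the same event.
event syslog_message(c: connection, facility: count, severity: count, msg: string) &priority=5
	{
	# Severities 0..3 (emerg, alert, crit, err) are surfaced; the rest is
	# ignored in this example so the output stays readable.
	if ( severity <= 3 )
		print fmt("%s %s -> %s facility=%d severity=%d: %s",
		          network_time(), c$id$orig_h, c$id$resp_h,
		          facility, severity, msg);
	}
```

Run it against a capture with `bro -b -r trace.pcap mysyslog.bro`; without the redef of dpd_config the handler never fires in bare mode because no analyzer is attached to the UDP flows.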
