[Bro] add TTL to conn.log
Seth Hall
seth at icir.org
Mon Jun 3 06:00:58 PDT 2013
On Jun 3, 2013, at 5:39 AM, 김희철 <hckim at narusec.com> wrote:
> I am trying to add TTL field to conn.log
> but can not seem to get TTL
TTL is given per-packet, but the conn logs represent an entire connection. What are you looking to get?
> there is TTL in the base/event.bif I can not get it to work.
I have no clue what you're talking about here.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list