[Bro] Newb with a couple questions
James Lay
jlay at slave-tothe-box.net
Wed Mar 13 15:24:07 PDT 2013
On 2013-03-13 16:14, anthony kasza wrote:
> Depending on what you are trying to accomplish, you can filter the
> data by protocol after it's been written to the conn.log file with
> bro-cut or awk.
>
> -Anthony
>
Hi Anthony,
Ideally the protocols would be dropped before logging. I already have
dns and http logging using Bro, so seeing them in the connections log
seems a tad redundant. Thanks for the quick response.
James
More information about the Bro
mailing list