[Bro] Newb with a couple questions

MICHAEL WAITE mfw113 at psu.edu
Thu Mar 14 03:47:58 PDT 2013


I would not call the conn log redundant. The http and conn logs are very different and have different data in them. Rather, they complement each other.

-Mike

On Mar 13, 2013, at 18:31, James Lay <jlay at slave-tothe-box.net> wrote:

> On 2013-03-13 16:14, anthony kasza wrote:
>> Depending on what you are trying to accomplish, you can filter the
>> data by protocol after it's been written to the conn.log file with
>> bro-cut or awk.
>> 
>> -Anthony
> 
> Hi Anthony,
> 
> Ideally the protocols would be dropped before logging.  I already have 
> dns and http logging using Bro, so seeing them in the connections log 
> seems a tad redundant.  Thanks for the quick response.
> 
> James
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
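
Added example, not part of the original thread: the post-logging filter Anthony mentions, done with awk. It finds the `service` column from the `#fields` header and drops matching records; the sample log is constructed with an abbreviated field set, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in Bro's tab-separated log layout (abbreviated field set,
# made-up uids and documentation/private addresses).
sample_conn_log() {
    printf '#separator \\x09\n'
    printf '#path\tconn\n'
    printf '#fields\tts\tuid\tid.orig_h\tid.resp_h\tid.resp_p\tproto\tservice\tduration\n'
    printf '1363171200.10\tCdns0001\t10.0.0.5\t10.0.0.1\t53\tudp\tdns\t0.01\n'
    printf '1363171201.20\tChttp001\t10.0.0.5\t192.0.2.10\t80\ttcp\thttp\t1.50\n'
    printf '1363171202.30\tCssh0001\t10.0.0.5\t192.0.2.20\t22\ttcp\tssh\t42.00\n'
    printf '1363171203.40\tCunk0001\t10.0.0.5\t192.0.2.30\t4444\ttcp\t-\t3.20\n'
}

# Read a conn.log on stdin and drop records whose service is in the
# comma-separated list given as $1. Header lines (starting with '#') pass
# through so the output is still readable by bro-cut.
filter_conn_services() {
    awk -F '\t' -v drop="$1" '
        BEGIN {
            n = split(drop, names, ",")
            for (i = 1; i <= n; i++) skip[names[i]] = 1
        }
        # "#fields" is itself the first token, so data column = position - 1.
        /^#fields/ { for (i = 2; i <= NF; i++) if ($i == "service") col = i - 1 }
        /^#/ { print; next }
        col && ($col in skip) { next }
        { print }
    '
}

# Stand-alone run: keep everything that is not dns or http.
sample_conn_log | filter_conn_services dns,http
```

Connections with no identified service (`-`) are kept, which is the traffic the dns and http logs would not show.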



