[Bro] Newb with a couple questions
James Lay
jlay at slave-tothe-box.net
Thu Mar 14 03:53:41 PDT 2013
On Mar 14, 2013, at 4:47 AM, MICHAEL WAITE <mfw113 at psu.edu> wrote:
> I would not call the conn log redundant. The http and conn log are very different and have different data in them. Rather they complement each other.
>
> -Mike
>
> On Mar 13, 2013, at 18:31, James Lay <jlay at slave-tothe-box.net> wrote:
>
>> On 2013-03-13 16:14, anthony kasza wrote:
>>> Depending on what you are trying to accomplish, you can filter the
>>> data by protocol after it's been written to the conn.log file with
>>> bro-cut or awk.
>>>
>>> -Anthony
>>
>> Hi Anthony,
>>
>> Ideally the protocols would be dropped before logging. I already have
>> dns and http logging using Bro, so seeing them in the connections log
>> seems a tad redundant. Thanks for the quick response.
>>
>> James
>>
A fair point. And I'll give that a go, Seth, thank you… gonna be busy the rest of this week, so I'll report my results on Monday. Thanks for the assistance, all.
James
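
Anthony's suggestion of filtering conn.log after it has been written, sketched with awk as an added example that is not part of the original thread. The function names are hypothetical and the sample log is constructed, with a shortened column set compared with a real conn.log.

```shell
# Constructed sample: a conn.log excerpt with a reduced set of columns.
sample_conn_log() {
    printf '#separator \\x09\n'
    printf '#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\n'
    printf '1363258421.1\tCaaa1\t192.0.2.10\t51000\t192.0.2.53\t53\tudp\tdns\n'
    printf '1363258422.2\tCbbb2\t192.0.2.10\t51001\t198.51.100.7\t80\ttcp\thttp\n'
    printf '1363258423.3\tCccc3\t192.0.2.11\t51002\t198.51.100.8\t22\ttcp\tssh\n'
    printf '1363258424.4\tCddd4\t192.0.2.12\t51003\t198.51.100.9\t4444\ttcp\t-\n'
}

# Hypothetical helper: drop rows whose "service" column is in a comma list.
# Usage: filter_conn_services "dns,http" < conn.log
filter_conn_services() {
    awk -F '\t' -v drop="$1" '
        BEGIN {
            n = split(drop, d, ",")
            for (i = 1; i <= n; i++) skip[d[i]] = 1
        }
        # Locate the column by name from the #fields header instead of
        # hard-coding a position. $1 of that line is the "#fields" tag,
        # so header field i describes data column i-1.
        /^#fields/ {
            for (i = 2; i <= NF; i++) if ($i == "service") col = i - 1
        }
        # Keep header and metadata lines so the output is still a valid log.
        /^#/ { print; next }
        # Rows for services that already have their own log are dropped.
        col && ($col in skip) { next }
        # Everything else, including rows with no detected service ("-"), stays.
        { print }
    '
}

# Stand-alone run: show what remains after dropping dns and http rows.
sample_conn_log | filter_conn_services "dns,http"
```

Because the header lines are preserved, the output can still be piped into `bro-cut` to select columns by name.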