[Bro] Specification of log fields
Siwek, Jonathan Luke
jsiwek at illinois.edu
Wed Sep 4 11:00:35 PDT 2013
> I need to find the exact meaning of each field of log files. For example, "duration is in seconds, milliseconds...?", "difference between orig_bytes and orig_ip_bytes" and so on.
You can usually find descriptions if you browse the script reference documentation like at [1]. Generally, for fields of type "interval" (like "duration"), the unit is seconds.
- Jon
[1] http://bro.org/sphinx/scripts/base/protocols/conn/main.html#type-Conn::Info
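
An added example, not part of the original message or of Bro's own code: Bro's ASCII logs carry a `#types` header line next to `#fields`, so a script can find the "interval" columns itself and read them as seconds. The sample log lines are constructed, and the function names `convert` and `parse_bro_log` are hypothetical.

```python
from datetime import datetime, timedelta, timezone

# Constructed sample in Bro's ASCII log layout; all values are made up.
SAMPLE = "\n".join([
    "#separator \\x09",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tduration\torig_bytes\torig_ip_bytes",
    "#types\ttime\tstring\taddr\tinterval\tcount\tcount",
    "1378317635.123456\tCexample1\t192.0.2.10\t0.250000\t100\t152",
    "1378317640.000000\tCexample2\t192.0.2.11\t-\t-\t0",
])

def convert(value, bro_type, unset="-"):
    """Map one column value to a Python object based on its #types entry."""
    if value == unset:
        return None                       # field was not set for this record
    if bro_type == "interval":
        return timedelta(seconds=float(value))   # intervals are in seconds
    if bro_type == "time":
        return datetime.fromtimestamp(float(value), tz=timezone.utc)
    if bro_type in ("count", "int"):
        return int(value)
    return value                          # other types stay as strings here

def parse_bro_log(text):
    """Return a list of dicts, one per record, typed via the log's own header."""
    sep, unset, fields, types, rows = "\t", "-", [], [], []
    for line in text.splitlines():
        if line.startswith("#separator"):
            # The separator is written as an escape sequence such as \x09.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, *vals = line[1:].split(sep)
            if key == "fields":
                fields = vals
            elif key == "types":
                types = vals
            elif key == "unset_field":
                unset = vals[0]
        elif line:
            cols = line.split(sep)
            rows.append({f: convert(v, t, unset)
                         for f, t, v in zip(fields, types, cols)})
    return rows

if __name__ == "__main__":
    for row in parse_bro_log(SAMPLE):
        print(row["uid"], row["duration"], row["orig_bytes"], row["orig_ip_bytes"])
```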