[Bro] script working from cmd line but not from local.bro
Seth Hall
seth at icir.org
Fri Jan 3 06:07:40 PST 2014
On Jan 2, 2014, at 6:13 PM, "Kellogg, Brian D (OLN)" <bkellogg at dresser-rand.com> wrote:
> I have a script I've been writing for a couple weeks that looks at every connection's total bytes. If the total bytes when the connection is removed from memory is over X bytes then raise a Bro notice. I have a global variable structure defined to keep track of internal hosts that have uploaded more than X bytes in a connection.
Please post the script so we can review it.
Thanks,
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140103/5968e6a8/attachment.bin
More information about the Bro
mailing list