[Bro] Logging filter for Bro

MILLER, BRAD L BLMILLER at comerica.com
Mon Jul 27 13:56:48 PDT 2015


Sorry for the basic nature of this question, but I seem stuck at a simple Bro modification.

I intend to write a Bro filter that is outlined here: http://blog.bro.org/2012/02/filtering-logs-with-bro.html (splitting DNS logs), and I have all the parameters I need. However, I am stuck on the actual execution of where and how to put the filter in place. While the article is helpful, I am not sure how to implement the logging filter. Is it just a Bro script to be invoked via local.bro?

Brad





