[Bro] missing fields in conn.log

Earl Eiland earl.eiland at root9b.com
Thu Jun 18 06:28:50 PDT 2015


I'm running bro 2.4 on an industrial control system pcap file.  According to https://www.bro.org/sphinx-git/scripts/base/init-bare.bro.html#type-connection, there are a number of optional fields in conn.log.  However, conn.log does not seem to include any of the optional fields.


For example, my test data includes MODBUS traffic, and one of the optional conn fields is "modbus".  I've checked loaded-scripts.log: modbus/main.bro is loaded.  Also modbus.log is being output and populated.  conn.log, however, does not include a "modbus" field.


What do I have to do for conn.log to include the optional fields?


Best Regards,

Earl Eiland,
Sr. Cyber Security Engineer,
Emerging Technologies, root9B,
San Antonio, Texas
