[Bro] long SSH connection in conn.log
Sven Dreyer
sven at dreyer-net.de
Thu Sep 3 15:08:56 PDT 2015
Dear list,
I started an SSH connection in my LAN at 3:32pm which lasted until
07:04pm - so we're talking about an SSH session lasting 3 1/2 hours.
In my conn.log files, I find this single SSH connection as 5 connections:
1) conn_state S1, service ssh
2-4) conn_state OTH, service -
5) conn_state SF, service -
Bro was started before the SSH connection was initiated, so I'd expect a
single conn.log entry to be written when I disconnect. Or did I get
something wrong here?
Thanks!
Sven
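
For triage of a session logged this way, the rows can be regrouped by endpoint tuple to recover the ordered conn_state sequence and the overall span. This is an added example, not part of the original post or of Bro itself; the addresses, ports, uids, timestamps and the helper names `parse_conn_log` and `stitch` are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in conn.log column layout (reduced field set).
# Written space-separated for readability, then converted to Bro's tab-separated form.
_ROWS = """\
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration conn_state
1441319520.0 C1aaaa 192.168.1.10 50022 192.168.1.20 22 tcp ssh 1500.0 S1
1441321200.0 C2bbbb 192.168.1.10 50022 192.168.1.20 22 tcp - 2400.0 OTH
1441324000.0 C3cccc 192.168.1.10 50022 192.168.1.20 22 tcp - 3000.0 OTH
1441325000.0 C9zzzz 192.168.1.10 41000 192.168.1.1 53 udp dns 0.02 SF
1441327500.0 C4dddd 192.168.1.10 50022 192.168.1.20 22 tcp - 2500.0 OTH
1441330400.0 C5eeee 192.168.1.10 50022 192.168.1.20 22 tcp - 1840.0 SF
"""
SAMPLE = "\n".join("\t".join(line.split()) for line in _ROWS.splitlines())

def parse_conn_log(text):
    """Parse tab-separated conn.log text into dicts keyed by the #fields header."""
    fields, rows = [], []
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def stitch(rows):
    """Group rows by (orig_h, orig_p, resp_h, resp_p, proto) and summarise each group.

    Caveat: a reused ephemeral port would merge unrelated connections, so
    check the gaps between records before treating a group as one session.
    """
    groups = defaultdict(list)
    for r in rows:
        key = (r["id.orig_h"], r["id.orig_p"], r["id.resp_h"], r["id.resp_p"], r["proto"])
        groups[key].append(r)
    summary = {}
    for key, recs in groups.items():
        recs.sort(key=lambda r: float(r["ts"]))
        dur = lambda r: 0.0 if r["duration"] == "-" else float(r["duration"])
        end = max(float(r["ts"]) + dur(r) for r in recs)
        summary[key] = {"records": len(recs),
                        "states": [r["conn_state"] for r in recs],
                        "span": end - float(recs[0]["ts"])}
    return summary

if __name__ == "__main__":
    for key, info in stitch(parse_conn_log(SAMPLE)).items():
        print(key, info)
```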