[Bro] Monitoring for MAC address

Zeolla@GMail.com zeolla at gmail.com
Thu Oct 6 11:55:33 PDT 2016


I have a use case where I would like to monitor for certain MAC addresses
in use. I took a look at the Intel framework
<https://www.bro.org/sphinx-git/scripts/base/frameworks/intel/main.bro.html#type-Intel::Type>
and it doesn't seem to have a type that can handle this. Has anybody else
encountered a similar scenario in the past?

The list will be ever-evolving and so I would like to be able to modify it
without having to restart my cluster (hence considering the Intel
framework). I did find this thread
<http://mailman.icsi.berkeley.edu/pipermail/bro/2015-July/008819.html>, and
if I have to, I will just write a script that uses known_devices.

Thanks,

Jon