[Bro] check rx and tx hosts for files

Kellogg, Brian (GS IT PG-DR) bkellogg at dresser-rand.com
Mon Oct 10 09:02:15 PDT 2016

What is the best/most efficient method for checking if rx_hosts is_local_addr and tx_hosts is not is_local_addr? I'm extracting files and only want to extract files coming from the Inet to an internal host.

I've also seen some scripts using f$conns[cid]$id... .
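
One way to make the check asked about above, as an added example that is not part of the original post or of the Bro distribution: it tests the tx_hosts and rx_hosts sets in a file_sniff handler and attaches the extraction analyzer only to inbound files. The helper names, the output filename prefix and the sample subnet are assumptions, and Site::local_nets must describe the real internal ranges for Site::is_local_addr to be meaningful.

```bro
# Added example. Assumes Site::local_nets is populated (for instance from
# networks.cfg under BroControl, or with a redef like the one below).
@load base/frameworks/files
@load base/utils/site

# Constructed sample value; replace with the site's real internal ranges.
redef Site::local_nets += { 10.0.0.0/8 };

# Hypothetical helper: T only if the set is non-empty and every address is local.
function all_local(hosts: set[addr]): bool
	{
	if ( |hosts| == 0 )
		return F;
	for ( h in hosts )
		if ( ! Site::is_local_addr(h) )
			return F;
	return T;
	}

# Hypothetical helper: T only if the set is non-empty and no address is local.
function none_local(hosts: set[addr]): bool
	{
	if ( |hosts| == 0 )
		return F;
	for ( h in hosts )
		if ( Site::is_local_addr(h) )
			return F;
	return T;
	}

event file_sniff(f: fa_file, meta: fa_metadata)
	{
	# f$info is filled in by the base files framework; skip if it is absent.
	if ( ! f?$info )
		return;

	# Inbound only: every sender is external and every receiver is internal.
	# A file seen over several connections can have more than one host per set.
	if ( none_local(f$info$tx_hosts) && all_local(f$info$rx_hosts) )
		Files::add_analyzer(f, Files::ANALYZER_EXTRACT,
		                    [$extract_filename=fmt("inbound-%s", f$id)]);
	}
```

Requiring both sets to be non-empty keeps files with no associated connection from being extracted by default.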

