[Bro] Comparing file details and connection details at the same time

Seth Hall seth at icir.org
Fri Jan 13 06:40:17 PST 2017


> On Jan 12, 2017, at 7:13 PM, Keith Lehigh <klehigh at iu.edu> wrote:
> 
> The “misc/dump-events” script is invaluable for examining packet captures to figure out what events fire and what data is available for a given event.

There is one small caveat to this too.  If an event isn't handled by an existing script, that event won't be generated and won't show up in the output from the dump-events script.  In many cases this all works out ok, but I wanted to point it out to save someone a headache trying to figure out why an event isn't being generated.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
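To make the caveat concrete, here is a small added Bro script (not part of the original message or of the Bro project) that illustrates it. Loading misc/dump-events alone will not show file_over_new_connection in a capture, because Bro only generates events for which some loaded script has a handler; adding even a one-handler script like the one below makes the event appear. The handler body, which prints file and connection details together, and the exact output wording are assumptions for illustration; the event name and record fields (fa_file$id, connection$id) are standard Bro.

```bro
# Added example, not from the original post: a handler that causes
# file_over_new_connection to be generated so dump-events can show it,
# and that also prints file and connection details side by side.
@load misc/dump-events

event file_over_new_connection(f: fa_file, c: connection, is_orig: bool)
	{
	# Without this (or any other) handler, Bro would never raise the event,
	# and dump-events would silently show nothing for it.
	print fmt("file %s seen on %s:%s -> %s:%s (sender is originator: %s)",
	          f$id, c$id$orig_h, c$id$orig_p, c$id$resp_h, c$id$resp_p, is_orig);
	}
```

Run it against a capture with `bro -r capture.pcap this_script.bro` (file name assumed); the event now shows up in the dump-events output as well as in the printed line. Removing the handler makes it disappear again, which is the behaviour Seth describes.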
