[Bro] - see all triggered events on a given pcap file

Johanna Amann johanna at icir.org
Tue May 30 10:24:14 PDT 2017


Note that this only will work for events that are already used in other
scripts. If an event is not used at all, it will not show up in the output
of dump-events.

Johanna

On Sun, May 28, 2017 at 06:37:41PM +0300, william de ping wrote:
> Thank you very much !
> it works great :)
> 
> On Sun, May 28, 2017 at 6:06 PM, Keith Lehigh <klehigh at iu.edu> wrote:
> 
> >  policy/misc/dump-events.bro does exactly what you want.
> >
> > - Keith
> > > On May 28, 2017, at 10:36, william de ping <bill.de.ping at gmail.com> wrote:
> > >
> > > Hi all,
> > >
> > > > Does anyone know a way to get a list of all triggered events given a pcap file?
> > > >
> > > > Currently what I do is just print some indicative message for each suspected relevant event (quite a tedious task)
> > >
> > > Thanks
> > > B
> > > _______________________________________________
> > > Bro mailing list
> > > bro at bro-ids.org
> > > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> >
> >
