[Bro] Fwd: Other log files besides conn.log

Wayland Morgan dotwayland at gmail.com
Tue Oct 17 16:13:41 PDT 2017


I was unaware of the mac-logging option. Thanks for sharing.

On Tue, Oct 17, 2017 at 6:04 PM Jim Mellander <jmellander at lbl.gov> wrote:

> Hi Therenca:
>
> You could add this to local.bro:
>
> @load policy/protocols/conn/mac-logging
>
> However, unless you're actually directly monitoring inside the border of a
> subnet, the host MAC address will not be seen, but the MAC addresses of the
> routers, so this may not be too useful.
>
> Depending on your network topology, dhcp.log might have some information
> on the mapping.  You could also check your DHCP server's logs, which should
> have the information you need.
>
> Hope this helps,
>
> Jim
>
> On Tue, Oct 17, 2017 at 7:34 AM, Therenca Mureithi <
> therencamureithi at gmail.com> wrote:
>
>>
>> ---------- Forwarded message ----------
>> From: Therenca Mureithi <therencamureithi at gmail.com>
>> Date: Tue, Oct 17, 2017 at 5:30 PM
>> Subject: Other log files besides conn.log
>> To: bro at bro.org
>>
>>
>> Is there a way to add the MAC address to log files like http.log, ssl.log,
>> ssh.log, especially when the IP addresses are dynamic? I have been able to
>> add the MAC address to the conn.log file following Bro-related threads. I am
>> not skilled at Bro scripting but I would very much like to have this
>> functionality. Why? Due to the fact that I want to track down users of the
>> network and at one point their IP addresses do change; however, MAC
>> addresses rarely change unless of course you have spoofed them. Kindly reply.
>> Anyone.
>>
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>

-- 
Wayland
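
One way to get a MAC address next to http.log (or ssl.log, ssh.log) entries without Bro scripting is to join them to conn.log on `uid` after loading mac-logging, as in this added example, which is not part of the thread. It assumes the default tab-separated ASCII log format and the `orig_l2_addr` column that mac-logging adds to conn.log; the log lines are constructed samples.

```python
from collections import defaultdict

def parse_bro_log(text):
    """Parse a Bro ASCII (tab-separated) log into dicts keyed by its #fields header."""
    fields, rows = None, []
    for line in text.splitlines():
        if line.startswith("#fields\t"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#"):
            if fields is None:
                raise ValueError("data line before #fields header")
            rows.append(dict(zip(fields, line.split("\t"))))
    return rows

def add_mac(conn_rows, other_rows):
    """Copy orig_l2_addr from conn.log onto rows of another log with the same uid."""
    mac_by_uid = {r["uid"]: r.get("orig_l2_addr", "-") for r in conn_rows}
    # "-" is Bro's unset-field marker; use it when no conn.log entry matches.
    return [dict(r, orig_l2_addr=mac_by_uid.get(r["uid"], "-")) for r in other_rows]

def ips_by_mac(rows):
    """Group originator IPs by MAC, so one device is followed across IP changes."""
    seen = defaultdict(set)
    for r in rows:
        if r["orig_l2_addr"] != "-":
            seen[r["orig_l2_addr"]].add(r["id.orig_h"])
    return dict(seen)

# Constructed sample logs (not real traffic), trimmed to the columns used here.
CONN_LOG = "\n".join([
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\torig_l2_addr\tresp_l2_addr",
    "1508250000.0\tCaaa1\t10.0.0.23\t192.0.2.10\t00:11:22:33:44:55\t66:77:88:99:aa:bb",
    "1508260000.0\tCbbb2\t10.0.0.57\t192.0.2.20\t00:11:22:33:44:55\t66:77:88:99:aa:bb",
    "1508260500.0\tCccc3\t10.0.0.40\t192.0.2.10\t00:aa:bb:cc:dd:ee\t66:77:88:99:aa:bb",
])
HTTP_LOG = "\n".join([
    "#path\thttp",
    "#fields\tts\tuid\tid.orig_h\tid.resp_h\tmethod\thost",
    "1508250000.1\tCaaa1\t10.0.0.23\t192.0.2.10\tGET\ta.example",
    "1508260000.1\tCbbb2\t10.0.0.57\t192.0.2.20\tGET\tb.example",
    "1508260500.1\tCccc3\t10.0.0.40\t192.0.2.10\tPOST\ta.example",
    "1508261000.1\tCddd4\t10.0.0.99\t192.0.2.10\tGET\ta.example",  # no conn.log entry
])

if __name__ == "__main__":
    joined = add_mac(parse_bro_log(CONN_LOG), parse_bro_log(HTTP_LOG))
    for r in joined:
        print(r["orig_l2_addr"], r["id.orig_h"], r["method"], r["host"])
    print(ips_by_mac(joined))
```

If the sensor is not inside the subnet, as the reply above notes, `orig_l2_addr` is the router's MAC and every host behind it collapses into one group.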