[Bro] Sample log header generator?

Harry Hoffman hhoffman at ip-solutions.net
Fri Apr 6 14:30:06 PDT 2018


Hi Paul,

Not sure if this is, exactly, what you're looking for as it doesn't break
it down per version of Bro but it may be enough:

https://www.bro.org/sphinx/script-reference/log-files.html

Cheers,
Harry


On Fri, Apr 6, 2018, 5:25 PM Nash, Paul Edward <paul_nash at harvard.edu>
wrote:

> Hi All,
>
>   For a given distribution of Bro, is there a simple way to generate the
> header portions for all of the various (network/protocol related) log
> files? Specifically, I'm looking for the names of the individual fields
> (the #fields line). My goal is to use the information to automatically
> generate back-end Splunk configuration files prior to upgrading a live
> system. While the field names don't change often, they have in the past.
> Relying on live data to generate the individual logs isn't ideal as actual
> traffic must be observed or you have to have a sample pcap for every
> protocol.
>
> While sample logs do exist in the 'testing' directory, I don't see a quick
> way to grab samples for each log type that would be repeatable for future
> releases.
>
> Thanks,
>
> -Paul
>
> --
>
> Paul Nash
>
> HUIT IT Security Operations
>
> 617.998.5126
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
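As an added example (not code from either poster), one way to build the header inventory Paul describes without observing traffic: parse only the `#separator`/`#fields`/`#types` header of each sample log, diff the field lists between two releases, and emit a Splunk transforms.conf stanza. The two conn.log headers below are constructed, and the DELIMS/FIELDS stanza layout is an assumption about the target config.

```python
from typing import Dict, List

# Constructed sample headers (not captured data): two versions of a conn.log
# header in Bro's ASCII format; the second renames 'service' and adds a field.
CONN_V1 = (
    "#separator \\x09\n#set_separator\t,\n#empty_field\t(empty)\n#unset_field\t-\n"
    "#path\tconn\n#open\t2018-04-06-14-30-06\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\n"
    "1523028606.1\tCabc\t10.0.0.1\t1234\t10.0.0.2\t80\ttcp\thttp\n"
)
CONN_V2 = CONN_V1.replace("\tservice\n", "\tservice_name\tduration\n").replace(
    "\tenum\tstring\n", "\tenum\tstring\tinterval\n")

def parse_header(text: str) -> Dict[str, object]:
    """Return the '#' header of a Bro ASCII log as a dict.

    The '#separator' line is space-delimited and carries the escaped separator
    (e.g. \\x09); every later header line uses that separator. Parsing stops at
    the first non-'#' line, so only the header is needed, not traffic data.
    """
    sep = "\t"
    hdr: Dict[str, object] = {}
    for line in text.splitlines():
        if not line.startswith("#"):
            break
        if line.startswith("#separator "):
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
            continue
        key, _, rest = line[1:].partition(sep)
        hdr[key] = rest.split(sep) if key in ("fields", "types") else rest
    hdr["separator"] = sep
    if len(hdr.get("fields", [])) != len(hdr.get("types", [])):
        raise ValueError("#fields/#types length mismatch in %s" % hdr.get("path"))
    return hdr

def field_diff(old: List[str], new: List[str]) -> Dict[str, List[str]]:
    """Fields present in only one of two #fields lists (order ignored)."""
    return {"added": [f for f in new if f not in old],
            "removed": [f for f in old if f not in new]}

def transforms_stanza(hdr: Dict[str, object]) -> str:
    """Splunk transforms.conf DELIMS/FIELDS stanza (assumed layout) for one log."""
    delim = "\\t" if hdr["separator"] == "\t" else hdr["separator"]
    fields = ", ".join('"%s"' % f for f in hdr["fields"])
    return '[bro_%s]\nDELIMS = "%s"\nFIELDS = %s\n' % (hdr["path"], delim, fields)

if __name__ == "__main__":
    v1, v2 = parse_header(CONN_V1), parse_header(CONN_V2)
    print(transforms_stanza(v1)); print(field_diff(v1["fields"], v2["fields"]))
```

Pointing `parse_header` at each file under the testing directory of two Bro checkouts gives a per-log field inventory whose diff shows exactly which Splunk stanzas need regenerating before the upgrade.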