[Bro] Arp script : Bro doesn't log all traffic
Azoff, Justin S
jazoff at illinois.edu
Thu Feb 22 05:44:21 PST 2018
> On Feb 22, 2018, at 4:30 AM, Nicolas KRASINSKI <krasinski at cines.fr> wrote:
>
> Hello,
>
> When I load arp_main script (https://gist.github.com/grigorescu/a28b814a8fb626e2a7b4715d278198aa) in local.bro, Bro log only arp traffic and not more.
> I just have this logs :
> stdout
> stderr
> stats
> notice
> arp
>
> When I don't load this arp script, bro log normaly all traffic...
> Do you know why ?
Removing this line should fix things:
redef capture_filters += { ["arp"] = "arp" };
—
Justin Azoff
More information about the Bro
mailing list