[Bro] Arp script : Bro doesn't log all traffic
Vlad Grigorescu
vladg at illinois.edu
Thu Feb 22 07:00:34 PST 2018
Thanks, Justin. I updated the gist (which is just hosting a copy of the
script found in the mailing list) to remove that line.
It's been on my todo list to turn that into a Bro package.
--Vlad
"Azoff, Justin S" <jazoff at illinois.edu> writes:
>> On Feb 22, 2018, at 4:30 AM, Nicolas KRASINSKI <krasinski at cines.fr> wrote:
>>
>> Hello,
>>
>> When I load the arp_main script (https://gist.github.com/grigorescu/a28b814a8fb626e2a7b4715d278198aa) in local.bro, Bro logs only ARP traffic and nothing more.
>> I just have these logs:
>> stdout
>> stderr
>> stats
>> notice
>> arp
>>
>> When I don't load this arp script, Bro logs all traffic normally...
>> Do you know why?
>
>
> Removing this line should fix things:
>
> redef capture_filters += { ["arp"] = "arp" };
>
>
> —
> Justin Azoff
>
>