[Bro] Arp script : Bro doesn't log all traffic

Nicolas KRASINSKI krasinski at cines.fr
Thu Feb 22 07:30:09 PST 2018


Great! Thank you very much, it works. 

Nicolas. 


From: "Azoff, Justin S" <jazoff at illinois.edu>
To: "krasinski" <krasinski at cines.fr>
Cc: bro at bro.org
Sent: Thursday, February 22, 2018 14:44:21
Subject: Re: [Bro] Arp script : Bro doesn't log all traffic

> On Feb 22, 2018, at 4:30 AM, Nicolas KRASINSKI <krasinski at cines.fr> wrote: 
> 
> Hello, 
> 
> When I load the arp_main script (https://gist.github.com/grigorescu/a28b814a8fb626e2a7b4715d278198aa) in local.bro, Bro logs only ARP traffic and nothing more.
> I just have these logs:
> stdout 
> stderr 
> stats 
> notice 
> arp 
> 
> When I don't load this ARP script, Bro logs all traffic normally...
> Do you know why?


Removing this line should fix things: 

redef capture_filters += { ["arp"] = "arp" }; 


— 
Justin Azoff 