[Bro] Enable ssh detection?

rahul rakesh rahulbroids at gmail.com
Wed Sep 19 05:24:00 PDT 2018


Hi

PFA the pcap file created after performing ssh logins.
When it was used also, the ssh events are not
generating, except the version event.


with regards
ravi

On 9/19/18, rahul rakesh <rahulbroids at gmail.com> wrote:
> Hi all,
>
> The given SSH example from the Bro site is working fine when it is tested from
> the command line.
> I mean SSH events such as failed and success are generated and also the log is
> created.
> But without using the ssh guess pcap file, when I do the ssh thing between two
> systems, these
> events such as ssh_auth_fail and success are *NOT* generating. Can you tell
> how to solve this issue? Or how can I enable SSH detection?
>
> with regards
> ravi
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: newssh3aes.pcapng
Type: application/octet-stream
Size: 24372 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180919/5a7aab01/attachment-0001.obj 

