Hi all,
Just wanted to confirm something I’m thinking about – if I’m only interested in collecting data from protocols that would show up in conn.log, would this be the correct reference for the protocols to include? https://github.com/bro/bro/blob/master/src/Sessions.cc#L467-L696
AFAIK, the other default log files would also be included in a BPF like this (due to most falling under tcp or udp).
Thanks!
Josh