I have some questions about Bro, thanks!

user23 · February 1, 2007, 5:56pm

Dear all:

I want to get some statistics about past connections.
But the record_connection function in the “conn.bro”, it seems to deal with one connection.

So I need to get the past connection, but I have no idea that which function/event should I modify .

In the Ref-Manual document, I saw the log_hook predefined fumction.
I guess maybe this function is the key for my question.
But I can’t find this function in any file.
Where can I find this function, or I have to create by myself ?
If I have to create by myself, which file should add this funciotn ? (I mean which file should include this function.)

My english is no well, so if it is impolite.
Sorry about that.
Thanks!

Best Regards,
Jack
2007/2/2

Christian_Kreibich3 · February 2, 2007, 2:11am

Hi Jack,

Bro can automatically produce a connection log containing a 1-line
summary of all flows it observes. It sounds like this should be pretty
close to what you want. See here for details:

http://www.bro-ids.org/wiki/index.php/Reference_Manual:_Analyzers_and_Events#Generic_Connection_Analysis

(This is part of the ongoing effort to wikify the manuals, apologies if
it's still looking rough in places.)

Cheers,
Christian.

Christian_Kreibich3 · February 2, 2007, 5:52pm

Hi Jack,

Topic		Replies	Views
Question about creating custom conn logs. Zeek	2	54	May 6, 2022
Bro questions from a rookie Zeek	2	72	May 6, 2022
Logging connections after specific daytime Development development	1	70	May 6, 2022
Bro logging connections after specific daytime Zeek	3	82	May 6, 2022
conn.bro Zeek	3	59	May 6, 2022

I have some questions about Bro, thanks!

Related Topics