I am trying to understand the language and examples of creating/editing
policy files. I have a couple of questions.
1) Does anyone in the list know of a good resource to use to better
understand how to create/edit the policy files? Yes, I have also
downloaded the archive for this list as well as the Bro manual. But I'm
looking more for something along the lines of a heavily commented policy
file that would explain some of this language.
2) Following up on the previous question: if, for example, I wanted to break
out telnet logging from login.bro in order to record a record of just the
time, src ip, src port, direction, dst ip, dst port, eventually username,
for example, then log that into a telnet connection log. I'm not really
seeing this in the manual or in the other policy files.
Any help would be appreciated.
Thank you in advance,