Dear Sirs,
I'm a recent user of Bro, so excuse me if this is a basic question...
I need to find the exact meaning of each field of log files. For example, "duration is in seconds, milliseconds...?", "difference between orig_bytes and orig_ip_bytes" and so on.
Is this information still published anywhere?
Thanks in advance!
Best regards,
Nuno.
I need to find the exact meaning of each field of log files. For example, "duration is in seconds, milliseconds...?", "difference between orig_bytes and orig_ip_bytes" and so on.
You can usually find descriptions if you browse the script reference documentation like at [1]. Generally, for fields of type "interval" (like "duration"), the unit is seconds.
- Jon
[1] http://bro.org/sphinx/scripts/base/protocols/conn/main.html#type-Conn::Info
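As an added example (not code from this thread or from the Bro project), here is a small Python parser for Bro's ASCII log format that reads the #fields and #types header lines Bro writes at the top of every log file. The declared type of a column is what tells you its unit: "interval" and "time" values are seconds, as Jon notes, and the reference at [1] documents orig_bytes as payload bytes while orig_ip_bytes is the IP-level byte count including headers, so their difference is header overhead. The sample conn.log content (uids, addresses, byte counts) is constructed for this example.

```python
"""Parse a Bro ASCII log using its own #fields/#types header lines, so each
column is converted according to its declared type (interval/time -> seconds,
count/port -> int, etc.) instead of being guessed.
The log content below is constructed for this example, not a real capture."""

# Constructed conn.log excerpt. Real logs carry the same header lines; the
# first line states the column separator as an escape sequence (\x09 = tab).
SAMPLE_CONN_LOG = """#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\torig_ip_bytes\tresp_ip_bytes
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring\tcount\tcount
1300475167.096535\tCXWv6p3arKYeMETxOg\t192.0.2.10\t52311\t198.51.100.5\t80\ttcp\thttp\t0.213\t412\t1539\tSF\t740\t1893
1300475168.000000\tCKmt9w1q5e8J4FbX2\t192.0.2.11\t5353\t224.0.0.251\t5353\tudp\tdns\t-\t73\t0\tS0\t101\t0
#close\t2011-03-18-19-06-08
"""


def convert(value, bro_type, unset="-", empty="(empty)"):
    """Convert one raw column string according to its Bro type."""
    if value == unset:          # field was never set for this record
        return None
    if value == empty:          # field is set but empty
        return ""
    if bro_type in ("time", "interval"):
        return float(value)     # both are seconds: epoch seconds / elapsed seconds
    if bro_type in ("count", "int", "port"):
        return int(value)
    if bro_type == "bool":
        return value == "T"
    return value                # addr, string, enum, ... stay as strings


def parse_bro_log(text):
    """Return (fields, types, records) for an ASCII log; records are dicts."""
    separator, unset, empty = "\t", "-", "(empty)"
    fields = types = None
    records = []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#separator "):
                # The separator is written as an escape sequence, e.g. \x09
                separator = line[len("#separator "):].encode().decode("unicode_escape")
                continue
            key, _, rest = line[1:].partition(separator)
            if key == "fields":
                fields = rest.split(separator)
            elif key == "types":
                types = rest.split(separator)
            elif key == "unset_field":
                unset = rest
            elif key == "empty_field":
                empty = rest
            continue            # #set_separator, #path, #open, #close: not needed here
        if fields is None or types is None:
            raise ValueError("data row appeared before #fields/#types header")
        values = line.split(separator)
        records.append({name: convert(v, t, unset, empty)
                        for name, t, v in zip(fields, types, values)})
    return fields, types, records


def field_types(fields, types):
    """Map each column name to its declared Bro type (the unit hint)."""
    return dict(zip(fields, types))


def header_overhead(record):
    """Bytes on the wire that were not payload, per direction: *_ip_bytes
    counts IP-level bytes (headers included), *_bytes counts payload only."""
    return {"orig": record["orig_ip_bytes"] - record["orig_bytes"],
            "resp": record["resp_ip_bytes"] - record["resp_bytes"]}


if __name__ == "__main__":
    fields, types, records = parse_bro_log(SAMPLE_CONN_LOG)
    print("duration type:", field_types(fields, types)["duration"])  # interval -> seconds
    for rec in records:
        print(rec["uid"], "duration(s)=", rec["duration"], "overhead=", header_overhead(rec))
```

The second sample row shows the unset marker ("-") for duration, which Bro writes when a field was never assigned; the parser returns None rather than 0 so an unset value is not mistaken for a zero-length connection.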