Telnet log

Hello,

With 2.4.1, is there any way to generate Telnet logs? Thanks in advance!

John

Mayyyybe...?

There's an older Login analyzer which claims to have support for
Telnet, but I personally haven't used it, so I don't know how well it
would work. I believe that it was pretty thorough, it just hasn't been
used in a while.

The events you're looking for are:

https://www.bro.org/sphinx/scripts/base/bif/plugins/Bro_Login.events.bif.bro.html#id-login_output_line
https://www.bro.org/sphinx/scripts/base/bif/plugins/Bro_Login.events.bif.bro.html#id-login_input_line

However, as the TODO states, this protocol analyzer does not get
activated in Bro 2.x. A copy of the script that Bro used to use is here,
though it's a mess and would require porting and cleanup:

https://github.com/grigorescu/bro-scripts/blob/master/scripts/todo/needs_review/login.bro

I might start with something like this, run it against some PCAPs and
then start building a log from there:

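# Ports on which to attach the analyzer.
const ports = { 23/tcp };

event bro_init() &priority=5
  {
  # The Login plugin's "Login" tag has no factory of its own and cannot be
  # attached to a port; Telnet is the tag that instantiates the analyzer.
  Analyzer::register_for_ports(Analyzer::ANALYZER_TELNET, ports);
  }

# A line typed by the client.
event login_input_line(c: connection, line: string)
  {
  print "<-", line;
  }

# A line sent by the server.
event login_output_line(c: connection, line: string)
  {
  print "->", line;
  }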

  --Vlad

john smith <js688886@gmail.com> writes: