Hello,
With 2.4.1, is there any way to generate Telnet logs? Thanks in advance!
John
Mayyyybe...?
There's an older Login analyzer which claims to have support for
Telnet, but I personally haven't used it, so I don't know how well it
would work. I believe that it was pretty thorough, it just hasn't been
used in a while.
The events you're looking for are:
https://www.bro.org/sphinx/scripts/base/bif/plugins/Bro_Login.events.bif.bro.html#id-login_output_line
https://www.bro.org/sphinx/scripts/base/bif/plugins/Bro_Login.events.bif.bro.html#id-login_input_line
However, as the TODO states, this protocol analyzer does not get
activated in Bro 2.x. A copy of the script that Bro used to use is here,
though it's a mess and would require porting and cleanup:
I might start with something like this, run it against some PCAPs and
then start building a log from there:
const ports = { 23/tcp };
event bro_init() &priority=5
{
Analyzer::register_for_ports(Analyzer::ANALYZER_LOGIN, ports);
}event login_input_line(c: connection, line: string)
{
print "<-", line;
}event login_output_line(c: connection, line: string)
{
print "->", line;
}
--Vlad
john smith <js688886@gmail.com> writes: