the ALL_HOSTS setting is not useful in my case. In my case, I want to
detect some webapps. I have enabled the detect-webapps.bro script. But logs
are not created. Am I missing anything else that needs to be changed?
On Tue, Feb 25, 2014 at 1:43 PM, Mike Sconzo <sconzo(a)visiblerisk.com> wrote:
Figured it'd have side effects, didn't
really matter for my use cases.
However, the ALL_HOSTS setting is useful, and I didn't know that.
On Mon, Feb 24, 2014 at 7:16 AM, Seth Hall <seth(a)icir.org> wrote:
On Feb 22, 2014, at 8:59 AM, Mike Sconzo <sconzo(a)visiblerisk.com> wrote:
Make sure to set your Sites::local_net variable.
If you set it to
0.0.0.0/0 you should get an entry in software.log for every connection
that bro can find qualifying entries for.
That will have side effects in other areas of Bro. If you want to log
software seen, it's probably better to use...
redef Software::asset_tracking = ALL_HOSTS;
Keep in mind though that this will have consequences in memory because
store all of the seen software in memory.
International Computer Science Institute
(Bro) because everyone has a network
cat ~/.bash_history > documentation.txt