This repository has been archived by the owner on Apr 16, 2021. It is now read-only.

securityonion-elsa-extras: update bro_conn parser for Bro 2.4 #762

Closed

dougburks opened this issue Jun 23, 2015 · 3 comments

Contributor

dougburks commented Jun 23, 2015

From https://www.bro.org/download/NEWS.bro.html:
"conn.log gained a new field local_resp that works like local_orig, just for the responder address of the connection."

OLD conn.log

fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_cc resp_cc sensorname

NEW Bro 2.4 conn.log with local_resp:

fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents orig_cc resp_cc sensorname

Contributor Author

dougburks commented Jun 24, 2015

commit:
Security-Onion-Solutions/securityonion-elsa-extras@4da13ba

Contributor Author

dougburks commented Jun 25, 2015

submitted for testing:
https://groups.google.com/d/topic/security-onion-testing/g7GxUYk5T3c/discussion

Contributor Author

dougburks commented Aug 3, 2015

Published:
http://blog.securityonion.net/2015/08/bro-24-now-available-for-security-onion.html

dougburks closed this as completed

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.