The Direction type (defined in base/utils/directions-and-hosts.bro)
currently has directions for:
- remote orig, local resp
- local orig, remote resp
- bidirectional ("Only one endpoint is within the locally-monitored
network, meaning the connection is either outbound or inbound.")
- no_direction ("This value doesn't match any connection.")
Does it make sense to add LOCAL == local orig, local resp? Similarly, do we
want to add EXTERNAL == remote orig, remote resp?
I'm looking at this for the SSH log in particular.
--Vlad