> Does anybody remember what Bro's option -z is for?
Well it's there in CHANGES, per the appended. But yeah looks like it never
went anywhere beyond the original instigation, so I think removing it is okay.
OTOH, it's a pretty handy general notion, so instead pushing it further
strikes me as also reasonable.
Vern
0.9a8 Wed Feb 16 17:09:34 PST 2005
....
- Bro now has a general mechanism internal for traversing policy scripts
(Umesh Shankar). Various script analyses can be specified using the
new -z flag.
Currently, the one supported form of analysis is "-z notice", which
prints all of the different types of notices that the script you've
loaded can generate. For example, "bro -z notice ftp" will generate:
Found NOTICE: BackscatterSeen
Found NOTICE: FTP_PrivPort
Found NOTICE: FTP_BadPort
Found NOTICE: PortScan
Found NOTICE: FTP_ExcessiveFilename
Found NOTICE: ScanSummary
Found NOTICE: AddressDropped
Found NOTICE: DroppedPackets
Found NOTICE: SensitiveConnection
Found NOTICE: FTP_UnexpectedConn
Found NOTICE: SSH_Overflow
Found NOTICE: FTP_Sensitive
Found NOTICE: TerminatingConnection
Found NOTICE: PasswordGuessing
Found NOTICE: AddressDropIgnored
Found NOTICE: AddressScan