Bro脚本语法6-日志文件(Log Files)
来源:互联网 发布:淘宝如何添加子账号 编辑:程序博客网 时间:2024/04/29 17:35
Bro脚本语法6-日志文件(Log Files)
@(教程)[Bro]
Network Protocols
Log File | Description | Field Descriptions | conn.log TCP/UDP/ICMP connections Conn::Info dhcp.log DHCP leases DHCP::Info dnp3.log DNP3 requests and replies DNP3::Info dns.log DNS activity DNS::Info ftp.log FTP activity FTP::Info http.log HTTP requests and replies HTTP::Info irc.log IRC commands and responses IRC::Info kerberos.log Kerberos KRB::Info modbus.log Modbus commands and responses Modbus::Info modbus_register_change.log Tracks changes to Modbus holding registers Modbus::MemmapInfo mysql.log MySQL MySQL::Info radius.log RADIUS authentication attempts RADIUS::Info rdp.log RDP RDP::Info rfb.log Remote Framebuffer (RFB) RFB::Info sip.log SIP SIP::Info snmp.log SNMP messages SNMP::Info socks.log SOCKS proxy requests SOCKS::Info ssh.log SSH connections SSH::Info ssl.log SSL/TLS handshake info SSL::Info syslog.log Syslog messages Syslog::Info tunnel.log Tunneling protocol events Tunnel::Info
Files
Log File | Description | Field Descriptions | files.log File analysis results Files::Info pe.log Portable Executable (PE) PE::Info x509.log X.509 certificate info X509::Info
NetControl
Log File | Description Field | Descriptions | netcontrol.log NetControl actions NetControl::Info netcontrol_drop.log NetControl actions NetControl::DropInfo netcontrol_shunt.log NetControl shunt actions NetControl::ShuntInfo netcontrol_catch_release.log NetControl catch and release actions NetControl::CatchReleaseInfo openflow.log OpenFlow debug log OpenFlow::InfoDetection
Log File | Description | Field Descriptions | intel.log Intelligence data matches Intel::Info notice.log Bro notices Notice::Info notice_alarm.log The alarm stream Notice::ACTION_ALARM signatures.log Signature matches Signatures::Info traceroute.log Traceroute detection Traceroute::InfoNetwork Observations
Log File | Description | Field Descriptions | known_certs.log SSL certificates Known::CertsInfo known_devices.log MAC addresses of devices on the network Known::DevicesInfo known_hosts.log Hosts that have completed TCP handshakes Known::HostsInfo known_modbus.log Modbus masters and slaves Known::ModbusInfo known_services.log Services running on hosts Known::ServicesInfo software.log Software being used on the network Software::InfoMiscellaneous
Log File | Description | Field Descriptions | barnyard2.log Alerts received from Barnyard2 Barnyard2::Info dpd.log Dynamic protocol detection failures DPD::Info unified2.log Interprets Snort’s unified output Unified2::Info weird.log Unexpected network-level activity Weird::InfoBro Diagnostics
Log File | Description | Field Descriptions | capture_loss.log Packet loss rate CaptureLoss::Info cluster.log Bro cluster messages Cluster::Info communication.log Communication events between Bro or Broccoli instances Communication::Info loaded_scripts.log Shows all scripts loaded by Bro LoadedScripts::Info packet_filter.log List packet filters that were applied PacketFilter::Info prof.log Profiling statistics (to create this log, load policy/misc/profiling.bro) N/A reporter.log Internal error/warning/info messages Reporter::Info stats.log Memory/event/packet/lag statistics Stats::Info stderr.log Captures standard error when Bro is started from BroControl N/A stdout.log Captures standard output when Bro is started from BroControl N/A 0 0
