Bro脚本语法6-日志文件(Log Files)
@(教程)[Bro]
Network Protocols | | Log File | Description | Field Descriptions |
|---|
| conn.log | TCP/UDP/ICMP connections | Conn::Info |
| dhcp.log | DHCP leases | DHCP::Info |
| dnp3.log | DNP3 requests and replies | DNP3::Info |
| dns.log | DNS activity | DNS::Info |
| ftp.log | FTP activity | FTP::Info |
| http.log | HTTP requests and replies | HTTP::Info |
| irc.log | IRC commands and responses | IRC::Info |
| kerberos.log | Kerberos | KRB::Info |
| modbus.log | Modbus commands and responses | Modbus::Info |
| modbus_register_change.log | Tracks changes to Modbus holding registers | Modbus::MemmapInfo |
| mysql.log | MySQL | MySQL::Info |
| radius.log | RADIUS authentication attempts | RADIUS::Info |
| rdp.log | RDP | RDP::Info |
| rfb.log | Remote Framebuffer (RFB) | RFB::Info |
| sip.log | SIP | SIP::Info |
| snmp.log | SNMP messages | SNMP::Info |
| socks.log | SOCKS proxy requests | SOCKS::Info |
| ssh.log | SSH connections | SSH::Info |
| ssl.log | SSL/TLS handshake info | SSL::Info |
| syslog.log | Syslog messages | Syslog::Info |
| tunnel.log | Tunneling protocol events | Tunnel::Info |
Files | | Log File | Description | Field Descriptions |
|---|
| files.log | File analysis results | Files::Info |
| pe.log | Portable Executable (PE) | PE::Info |
| x509.log | X.509 certificate info | X509::Info |
NetControl | | Log File | Description Field | Descriptions |
|---|
| netcontrol.log | NetControl actions | NetControl::Info |
| netcontrol_drop.log | NetControl actions | NetControl::DropInfo |
| netcontrol_shunt.log | NetControl shunt actions | NetControl::ShuntInfo |
| netcontrol_catch_release.log | NetControl catch and release actions | NetControl::CatchReleaseInfo |
| openflow.log | OpenFlow debug log | OpenFlow::Info |
Detection | | Log File | Description | Field Descriptions |
|---|
| intel.log | Intelligence data matches | Intel::Info |
| notice.log | Bro notices | Notice::Info |
| notice_alarm.log | The alarm stream | Notice::ACTION_ALARM |
| signatures.log | Signature matches | Signatures::Info |
| traceroute.log | Traceroute detection | Traceroute::Info |
Network Observations | | Log File | Description | Field Descriptions |
|---|
| known_certs.log | SSL certificates | Known::CertsInfo |
| known_devices.log | MAC addresses of devices on the network | Known::DevicesInfo |
| known_hosts.log | Hosts that have completed TCP handshakes | Known::HostsInfo |
| known_modbus.log | Modbus masters and slaves | Known::ModbusInfo |
| known_services.log | Services running on hosts | Known::ServicesInfo |
| software.log | Software being used on the network | Software::Info |
Miscellaneous | | Log File | Description | Field Descriptions |
|---|
| barnyard2.log | Alerts received from Barnyard2 | Barnyard2::Info |
| dpd.log | Dynamic protocol detection failures | DPD::Info |
| unified2.log | Interprets Snort’s unified output | Unified2::Info |
| weird.log | Unexpected network-level activity | Weird::Info |
Bro Diagnostics | | Log File | Description | Field Descriptions |
|---|
| capture_loss.log | Packet loss rate | CaptureLoss::Info |
| cluster.log | Bro cluster messages | Cluster::Info |
| communication.log | Communication events between Bro or Broccoli instances | Communication::Info |
| loaded_scripts.log | Shows all scripts loaded by Bro | LoadedScripts::Info |
| packet_filter.log | List packet filters that were applied | PacketFilter::Info |
| prof.log | Profiling statistics (to create this log, load policy/misc/profiling.bro) | N/A |
| reporter.log | Internal error/warning/info messages | Reporter::Info |
| stats.log | Memory/event/packet/lag statistics | Stats::Info |
| stderr.log | Captures standard error when Bro is started from BroControl | N/A |
| stdout.log | Captures standard output when Bro is started from BroControl | N/A |
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理
