> Does anybody remember what Bro's option -z is for? Well it's there in CHANGES, per the appended. But yeah looks like it never went anywhere beyond the original instigation, so I think removing it is okay. OTOH, it's a pretty handy general notion, so instead pushing it further strikes me as also reasonable.
Vern 0.9a8 Wed Feb 16 17:09:34 PST 2005 .... - Bro now has a geneal mechanism internal for traversing policy scripts (Umesh Shankar). Various script analyses can be specified using the new -z flag. Currently, the one supported form of analysis is "-z notice", which prints all of the different types of notices that the script you've loaded can generate. For example, "bro -z notice ftp" will generate: Found NOTICE: BackscatterSeen Found NOTICE: FTP_PrivPort Found NOTICE: FTP_BadPort Found NOTICE: PortScan Found NOTICE: FTP_ExcessiveFilename Found NOTICE: ScanSummary Found NOTICE: AddressDropped Found NOTICE: DroppedPackets Found NOTICE: SensitiveConnection Found NOTICE: FTP_UnexpectedConn Found NOTICE: SSH_Overflow Found NOTICE: FTP_Sensitive Found NOTICE: TerminatingConnection Found NOTICE: PasswordGuessing Found NOTICE: AddressDropIgnored Found NOTICE: AddressScan _______________________________________________ bro-dev mailing list bro-dev@bro.org http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev