On Apr 29, 4:08 pm, "dan (ddp)" <[email protected]> wrote:
> The rules as written required bro-ids to alert via syslog, watching
> the individual bro-ids logs would be quite intensive and not all of
> the formats were really easily parsed.

This is changing for the next release of Bro which will use tab separated columns as the default for text based output. The new logs will be much more comprehensive than the old logs and much easier to parse. :)

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
