Next: The log Module
Up: Analyzers and Events
Previous: The port-name Module
Contents
Index
The mt Module
The mt module is intended to provide a convenient way
to run (almost) all of the analyzers. It @load's the following
other modules and analyzers:
log,
dns,
hot,
port-name,
frag,
tcp,
scan,
weird,
finger,
ident,
ftp,
login and
portmapper.
So you can run Bro using bro -i in0 mt to have it analyze
traffic on interface in0 using the above analyzers
(§ ); or you can @load mt to load in the above
analyzers.
Note: The mt analyzer doesn't load http (because
it can prove a very high load for many sites)
nor experimental analyzers such as stepping
or backdoor.
Vern Paxson
2004-03-21