basic bro health monitor

scott campbell scampbell at lbl.gov
Mon Oct 6 17:18:02 PDT 2003


I discovered this weekend that it would be nice to be made aware of many 
of the following situations: high cpu load, large memory footprint, 
unusually large connections/minute recorded, or a large number of 
drops/minute activated in a running bro.

Having bro alert on this information can give us a better idea of when 
unusual (as in hostile) things are happening to the network.

This is a basic outline for a monitor script - it is a bit rough about 
the edges, but it seems to do the job.  Making additions to the script 
should be trivial.

scott
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: monitor.bro
Url: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20031006/16d475de/attachment.ksh 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 252 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20031006/16d475de/attachment.bin 


More information about the Bro mailing list