[Bro] Off-line analysis

Vern Paxson vern at icir.org
Sun Dec 5 14:28:35 PST 2004


> For what its worth, I've been attempting to compare snort vs bro for a class
> (perhaps like you are) and evidently I'm doing something wrong since I get
> dozens of unique alerts (or alarms) in snort, but only 3 unique ones in bro.
> I'm sure it is  a configuration problem but if anyone wants to volunteer any
> suggestions it would be appreciated.

Can you send me an example (perhaps off-line)?

		Vern



More information about the Bro mailing list