[Bro] Getting Started w/Bro

Joncarlo Ruggieri joncarlo at ucdavis.edu
Fri Apr 1 07:29:05 PST 2005


I am trying to run Bro v.9a8 on RedHat Enterprise Linux 4.

I have had to modify a few things to get this to run properly, and I'm not
certain everything is working.  Does anyone have instructions for
installing bro on RedHat?  Or should I just use FreeBSD instead?

Also, I am trying to use newer Snort signatures but am not sure just how
to do so.  I had to grab snort2bro from bro v.8a88, since I didn't find
the script in v.9a8.  I was able to create a converted file of signatures,
but I'm not sure what to do with it, or how to get it loaded. My questions

1) should this be named *.sig or *.bro

2) where should the file be placed?  /usr/local/bro/site/ ?

3) what do I modify (and how) so that these signatures are loaded/used?

Any help would be greatly appreciated.


Joncarlo Ruggieri
University of CA, Davis
Data Center & Client Services
jruggieri at ucdavis.edu

More information about the Bro mailing list