[Bro] Bro-IDS integration to sguil
jp.luiggi at free.fr
Tue Jul 4 11:09:59 PDT 2006
The question is what sort of data sguil is waiting for:
text, binaries, syslog?
Bro is able to send data using various methods, so as soon as
we know what we need to send, we'll see how to do this.
PS: I find your idea very good.
On Tue, Jul 04, 2006 at 07:27:56AM -0700, Lee Sheng wrote:
> Hi all, I think I had previously mentioned the
> availability of brooery, and Christian replied
> that brooery is not ready yet and
> recommended that I try sguil. I have been a long-time user
> of sguil in a production environment, and I would
> like to see the integration of bro-ids to provide
> alert data to sguil.
> While sguil integrates 4 forms of data, including alert
> data provided by snort, I think it's possible
> to have bro-IDS alert data sent to sguil as well. I
> have talked to the core developer of sguil, Bamm, and
> he told me that it can be done by having bro talk
> to sensor_agent.tcl.
> I'm not that familiar with bro compared to snort,
> so I would like any pointers and references
> that can help me complete the integration of bro with
> sguil. Many thanks.
> I think it would be lovely to have it done.
> Bro mailing list
> bro at bro-ids.org