[Bro] Multiple bro nodes

CS Lee geek00l at gmail.com
Wed Jan 31 06:01:09 PST 2007


I haven't seen any discussion on this matter yet, while I have heard how bro
developers fully utilize bro-ids system.

What's the good and standard management and maintenance  process when one
deploy multiple bro-ids nodes in the site? This is tricky, as most of
security admins always have their own way of administration, but I would
like to know how bro-ids developers such as Vern, Christian or Robin doing
it or others who would like to share the idea.

How are the analysis and correlation process that can be done through
multiple bro-ids node?

I know bro-ids documentation is improving especially after wiki is launched.
But I still hardly find the answer for the questions above. I would like to
know how it is done practically.


Best Regards,

CS Lee<geekooL[at]gmail.com>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20070131/4df7848b/attachment.html 

More information about the Bro mailing list