[Bro] Using Bro IDS in offline analysis

ssm_as ssm_as at yahoo.com
Fri Feb 12 07:36:38 PST 2010


Finally, I installed bro IDS (1.5.1) on my Ubuntu(9.10) machine. Of course, that after the useful information I got from this mailing list. Thanks you all

So after:
make install-broctl

I did not do nay sort of configuration this because I am not sure what should I do.
I do not want to use Bro for intrusion detection in real time. I am more interested in using it in forensics and intrusion analysis.

Shortly, I have several network binary file is PCAP and TCPDUMP format. I want to parse these files with Bro and get the bro alerts in machine readab;e format (txt, csv, or whaterver).

1- Is that possible ( Usually I use snort and it is very easy to accomplish but I am planning to compare between Snort and Bro)?

2- What are the configurations that I need?

Sherif Saad


-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20100212/b2a3afcf/attachment.html 

More information about the Bro mailing list