[Bro] HELP!

Mike Sconzo sconzo at visiblerisk.com
Wed Aug 15 15:02:15 PDT 2012


I'm probably way off base here, but since you mention netflow, why not use it?

On Wed, Aug 15, 2012 at 4:02 PM, Alex Tarter <Alex.Tarter at ultra-3eti.com> wrote:
> Robin,
>
> I was wondering if you could help us out. We've been hitting our head
> against the wall trying to get Bro doing what we need and we're running out
> of time. We need to get a simple demo done by the end of the month that we
> thought would be simple to do in Bro but is fast becoming a nightmare!
>
> I know you guys are busy, but could you assist?
>
> What we want to do is simple:
> 1. Track the amount of TCP traffic over the course of an hour and log it
> 2. If the amount of traffic over one hour goes above a certain amount then
> raise an alarm - hopefully spawn a process to send an SNMP trap rather than
> send an email
> 3. Record the netflow info of each connection in a log
>
> It's that simple!
>
> We probably sound like idiots, but for some reason we can't work out how to
> do it. Anything you could do to point us in the right direction would be
> great.
>
> If we could possibly have a telecom as well, then we'd be ecstatic :)
>
> Much obliged, and I hope your Bro-Exchange went well
>
> Alex
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



-- 
cat ~/.bash_history > documentation.txt


