sconzo at visiblerisk.com
Wed Aug 15 15:02:15 PDT 2012
I'm probably way off base here, but since you mention netflow, why not use it?
On Wed, Aug 15, 2012 at 4:02 PM, Alex Tarter <Alex.Tarter at ultra-3eti.com> wrote:
> I was wondering if you could help us out. We've been hitting our head
> against the wall trying to get Bro doing what we need and we're running out
> of time. We need to get a simple demo done by the end of the month that we
> thought would be simple to do in Bro but is fast becoming a nightmare!
> I know you guys are busy, but could you assist?
> What we want to do is simple:
> 1. Track the amount of TCP traffic over the course of an hour and log it
> 2. If the amount of traffic over one hour goes above a certain amount then
> raise an alarm - hopefully spawn a process to send an SNMP trap rather than
> send an email
> 3. Record the netflow info of each connection in a log
> It's that simple!
> We probably sound like idiots, but for some reason we can't work out how to
> do it. Anything you could do to point us in the right direction would be
> If we could possibly have a telecom as well, then we'd be ecstatic :)
> Much obliged, and I hope your Bro-Exchange went well
cat ~/.bash_history > documentation.txt
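For readers arriving at this thread with the same three requirements, here is an added illustration (not code from either poster) of how they map onto Bro 2.x script primitives: a per-window TCP byte counter, a Notice raised when it crosses a threshold, and a policy hook that hands the alert to an external command. Everything named here is an assumption: the module name `TrafficHour`, the one-hour window, the 1 GB threshold, and the `/usr/local/bin/send-trap.sh` path are placeholders; per-connection "netflow-like" records need no extra code because `conn.log` already carries them.

```bro
# Added example, not from the mailing-list thread. Bro 2.x syntax.
@load base/frameworks/notice

module TrafficHour;

export {
    redef enum Notice::Type += {
        ## Raised when TCP bytes seen in one window exceed the threshold.
        Threshold_Exceeded,
    };

    ## Measurement window (assumed value, matches the one-hour requirement).
    const window = 1hr &redef;

    ## Bytes per window above which a notice is raised (assumed: 1 GB).
    const threshold: count = 1000000000 &redef;
}

# Running total of TCP payload bytes in the current window.
global bytes_this_window: count = 0;

# Fires once per window: evaluate, log via the Notice framework, reset, reschedule.
event reset_counter()
{
    if ( bytes_this_window > threshold )
        NOTICE([$note=Threshold_Exceeded,
                $msg=fmt("%d TCP bytes in the last %s", bytes_this_window, window)]);
    bytes_this_window = 0;
    schedule window { reset_counter() };
}

event bro_init()
{
    schedule window { reset_counter() };
}

# Each finished connection contributes both directions' byte counts; this is the
# same point at which Bro writes the connection's conn.log record (requirement 3).
event connection_state_remove(c: connection)
{
    if ( get_port_transport_proto(c$id$resp_p) != tcp )
        return;
    bytes_this_window += c$orig$size + c$resp$size;
}

# Instead of e-mailing, run an external trap sender (placeholder path) when the
# threshold notice is raised. Only a numeric count is interpolated into the command.
hook Notice::policy(n: Notice::Info)
{
    if ( n$note == Threshold_Exceeded )
        system(fmt("/usr/local/bin/send-trap.sh %d", bytes_this_window));
}
```

Load it with `bro -i <iface> trafficHour.bro`; the hourly totals appear in `notice.log` alongside the per-connection records in `conn.log`.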