[Bro] How to Detect the attacks from the logs

Diwakar Dinkar diwakar.dinkar at gmail.com
Fri Oct 5 02:44:42 PDT 2012


 I have installed BRO IDS 1.5.3. I have also installed Broctl. I have BRO
IDS and Broctl in Ubuntu 12.04. I am newbie to BRO IDS. I am not getting
proper documentation regarding the BRO IDS.I have performed some Denial of
Service attack like UDP Storm and TCP Sync attack on my system through some
other systems in my network. Log is maintained in the directory
usr/local/bro/logs. I am unable to understand the logs. I want to know the
following things:

1. how to detect the attacks from the logs.
2. How to generate reports regarding attacks automatically
3. How to get the email regarding the reports.

Please, help me regarding this. I will be highly obliged to you for this.

Best regards
   Diwakar Kumar Dinkar
   Project Fellow
   IIT Patna
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20121005/321b74cc/attachment.html 

More information about the Bro mailing list