[Bro] How to Detect the attacks from the logs
diwakar.dinkar at gmail.com
Fri Oct 5 02:44:42 PDT 2012
I have installed BRO IDS 1.5.3. I have also installed Broctl. I have BRO
IDS and Broctl on Ubuntu 12.04. I am a newbie to BRO IDS. I am not getting
proper documentation regarding BRO IDS. I have performed some Denial of
Service attacks like UDP Storm and TCP Sync attack on my system through some
other systems in my network. The log is maintained in the directory
usr/local/bro/logs. I am unable to understand the logs. I want to know:
1. How to detect the attacks from the logs.
2. How to generate reports regarding attacks automatically.
3. How to get the email regarding the reports.
Please, help me regarding this. I will be highly obliged to you for this.
Diwakar Kumar Dinkar