[Bro] How to Detect the attacks from the logs
srunnels at gmail.com
Fri Oct 5 04:46:39 PDT 2012
The current version of Bro is 2.1 and I think you'd be better served
running the more up-to-date version.
As for understanding the logs, you can watch the videos from the 2011 Bro
Workshop at http://www.bro-ids.org/community/workshop2011.html
On Friday, October 5, 2012, Diwakar Dinkar wrote:
> I have installed BRO IDS 1.5.3. I have also installed Broctl. I have BRO
> IDS and Broctl on Ubuntu 12.04. I am a newbie to BRO IDS. I am not getting
> proper documentation regarding BRO IDS. I have performed some Denial of
> Service attacks like UDP Storm and TCP Sync attack on my system through some
> other systems in my network. The log is maintained in the directory
> usr/local/bro/logs. I am unable to understand the logs. I want to know the
> following things:
> 1. How to detect the attacks from the logs.
> 2. How to generate reports regarding attacks automatically.
> 3. How to get the email regarding the reports.
> Please help me regarding this. I will be highly obliged to you for this.
> Best regards
> Diwakar Kumar Dinkar
> Project Fellow
> IIT Patna