[Bro] How to Detect the attacks from the logs

Scott Runnels srunnels at gmail.com
Fri Oct 5 04:46:39 PDT 2012

Hi Diwakar,

The current version of Bro is 2.1 and I think you'd be better served
running the more up-to-date version.

As for understanding logs, you can watch the videos from the 2011 Bro
Workshop at http://www.bro-ids.org/community/workshop2011.html


On Friday, October 5, 2012, Diwakar Dinkar wrote:

> Hi,
> I have installed BRO IDS 1.5.3. I have also installed Broctl. I have BRO
> IDS and Broctl in Ubuntu 12.04. I am a newbie to BRO IDS. I am not getting
> proper documentation regarding the BRO IDS. I have performed some Denial of
> Service attacks like UDP Storm and TCP Sync attack on my system through some
> other systems in my network. The log is maintained in the directory
> usr/local/bro/logs. I am unable to understand the logs. I want to know the
> following things:
> 1. How to detect the attacks from the logs.
> 2. How to generate reports regarding attacks automatically.
> 3. How to get the email regarding the reports.
> Please, help me regarding this. I will be highly obliged to you for this.
> --
> Best regards
>    Diwakar Kumar Dinkar
>    Project Fellow
>    IIT Patna
>    +91-7631740230

Scott Runnels