[Bro] bro comparison to snort operation
jbabio at po-box.esu.edu
Wed Jun 26 10:21:40 PDT 2013
I need some clarification. I am trying to understand the operations of Bro and how it relates to how Snort operates. I am having a little trouble with a few things.
1. Where are default rules/signatures/scripts stored in the folder structure?
2. What log file are we supposed to pay attention to? Communication, Notices, Weird or all of them?
3. Where do we place custom bro scripts we write?
4. Is there a skeleton of a basic script somewhere so I know where to start?
5. Where in Bro do I specify sending the data to an external ELSA server?
Thanks for your help!