[Bro] any ArcSight users?

Brad Doctor brad.doctor at gmail.com
Wed May 15 12:08:26 PDT 2013


In the .bro files, some changes have been made to the format to better
suit our needs. As such, that completely breaks the ArcSight connector.


On Wed, May 15, 2013 at 1:02 PM, Seth Hall <seth at icir.org> wrote:

>
> On May 15, 2013, at 2:50 PM, Brad Doctor <brad.doctor at gmail.com> wrote:
>
> > We did, but as we customize our format, it didn't work. And we have a
> > lot of sensors reporting in via syslog forwarding, so the FlexConnector was
> > the most reliable way to do this. Syslog subagent, basically.
>
> What do you mean you customize your format?
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>