[Bro] How to use Broccoli to pull event from Bro

fql fengqingleiyue at 163.com
Wed Aug 13 03:44:55 PDT 2014


Hi everyone,
    We are now using Bro to decode netflow and packets, and we found that it's a pretty good product; it made a big impression on us. But one thing we find a little troublesome is that the log writer can only write all the network activity into some log files (http.log, conn.log). I went through some documents on www.bro.org and found that it supports DataSeries, ElasticSearch and SQLite databases as extra outputs; unfortunately none of these features match our requirement. However, I found another thing called "Broccoli" that can talk to Bro. I wrote a C program which can send events to Bro and get the events which I defined from Bro. Now I have a question: can I use "Broccoli" to pull events which look like the lines in the log files (e.g. "conn.log"), or send the content of these logs in some format like Syslog to some server? If anyone knows how to do it, please tell me, because I have been haunted by this question for a long time.
Thank you for your time on my email.


Regards,
Fql 

