[Bro] Attach Barnyard2 to Bro2

Siwek, Jonathan Luke jsiwek at illinois.edu
Mon Jan 27 10:14:31 PST 2014

On Jan 27, 2014, at 11:54 AM, Jeremy Cox <jeremy.cox at washk12.org> wrote:

> But I'm not sure where those alerts end up being logged in bro.

It produces a barnyard2.log.

Did you redef Communication::nodes to register Bro to receive the barnyard events?  E.g. in site/local.bro put code like the following:

 @load policy/integration/barnyard2
  redef Communication::nodes += {
      ["local"] = [$host=, $class="barnyard", $events=/Barnyard2::barnyard_alert/, $connect = F]

- Jon

More information about the Bro mailing list