[Bro] BRO logs after http attacks

masoom alam masoom.alam at gmail.com
Wed Oct 28 16:04:32 PDT 2015

Hi Everyone,

We are trying to monitor the BRO logs after self generated HTTP attacks. In
our lab we are trying to attack a web server through metasploit for HTTP
SQL injection attacks. The goal is to monitor the attacks
parameters/indicators via BRO logs. Are we on the right track. In
particular what is the ALERT/ALARM mechanism for BRO when it detect an
attack....is it indicated in the logs.....or there are some places to look
for it and not just logs. Till now, while surfing the BRO logs, we have not
found any attack information....

Please guide.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20151028/af02de40/attachment.html 

More information about the Bro mailing list