[Bro] BRO logs after http attacks
masoom.alam at gmail.com
Wed Oct 28 16:04:32 PDT 2015
We are trying to monitor the BRO logs after self generated HTTP attacks. In
our lab we are trying to attack a web server through metasploit for HTTP
SQL injection attacks. The goal is to monitor the attacks
parameters/indicators via BRO logs. Are we on the right track. In
particular what is the ALERT/ALARM mechanism for BRO when it detect an
attack....is it indicated in the logs.....or there are some places to look
for it and not just logs. Till now, while surfing the BRO logs, we have not
found any attack information....
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro