[Bro] Bro not producing a notice.log
dopheide at gmail.com
Thu Apr 7 16:04:39 PDT 2016
I want to say that's likely because AWS disables promiscuous mode so
getting Bro to work requires some additional tricks. Can anyone verify?
On Thursday, April 7, 2016, Paweł Piszczatowski <pawelec93 at googlemail.com>
> I have a Bro cluster setup in the AWS cloud, currently just with one node.
> My problem is that Bro is not producing the notice.log, it should just log
> successful SSH logins but it doesn't. I have tried SSH and FTP bruteforcing
> the worker node and exceeding the limit of failed connections, again no
> notice.log. I can see the detect-bruteforcing.bro scripts loaded in the
> loaded_scripts.log. I am pretty new to Bro, so I am not sure what I am
> doing wrong.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro