[Bro] Info on configuring bro inline in AWS as IDS

James Stallard JStallard at enquizit.com
Tue Jan 19 09:37:27 PST 2016

Hello Bros:

I'm just now installing bro for the government website at Small Business Admin.

The plan is to have bro behind our public ELBs as an in-line IDS, then route traffic to internal ELBs in front of our application / web servers.

As this is AWS, no tap is possible and the EC2s can't be run in promiscuous mode either.

After a quick review of the documentation, I don't see where I can configure the routing once bro has done its work.

I.e., if I configure:

bro -i en0 <list of scripts to load>

do I need to then configure a script that will export all traffic to another agent such as an ELB or nginx?

Any help would be appreciated.

