[Bro] Newbie at bro, some questions

Yagyesh Srivastava ysrivas at ncsu.edu
Mon Sep 26 15:08:36 PDT 2016


That's great, thanks.
Could anyone please let me know: what if we want to test some attack
traffic which is not mentioned in the traces?
How do we do that?
Do we have some more traces present which don't come to the Bro directory by
default?
Because I feel SQL Injection and HTTP brute force are common attack traffic
and should ideally be present in the traces.

Regards

On Sep 26, 2016 4:17 PM, "Dane Wullen" <brot212 at googlemail.com> wrote:

> Hi there,
>
> You can read in trace files via a command shell:
>
> bro -r <your_trace_file>
>
> Bro will then generate log files in the directory where you run the command.
>
> To test a Bro script with a trace file, you could run the command:
>
> bro -r <your_trace_file> <your_bro_script>
>
> Cheers
> On 26.09.2016 at 22:01, Yagyesh Srivastava wrote:
>
> Hi,
>
>
> I am very new to Bro; I don't quite fully understand how traces work.
> What I need to do is generate some attack traffic to test the changes I am
> trying to make. I see there are some traces in Bro; how do these work?
> As in, how can I use those to test with Bro?
>
> Also, in the Bro traces, I don't find the traffic for DoS attack and SQL
> injection attack; can we find the traces for these somewhere else?
>
> Thanks and regards
> Yagyesh
>
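
An added example, not part of the original thread: a small script that could stand in for `<your_bro_script>` in the second command above, reporting hosts that send many HTTP POST requests to one server in the trace. The module name `PostCount`, the threshold value and the file name `count-posts.bro` are assumptions chosen for illustration.

```bro
# Added example (not from the thread). Save as count-posts.bro and run:
#   bro -r <your_trace_file> count-posts.bro
module PostCount;

export {
    # Assumed threshold for illustration; redefine it to suit the trace.
    const post_threshold = 20 &redef;
}

# POST requests seen per (originator, responder) pair.
global posts: table[addr, addr] of count &default=0;

event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string)
    {
    if ( method != "POST" )
        return;

    ++posts[c$id$orig_h, c$id$resp_h];
    }

# Raised once the whole trace has been processed.
event bro_done()
    {
    for ( [orig, resp] in posts )
        {
        if ( posts[orig, resp] >= post_threshold )
            print fmt("%s sent %d POST requests to %s",
                      orig, posts[orig, resp], resp);
        }
    }
```

The summary lines go to standard output, while Bro still writes its usual log files to the directory where the command is run.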