[Bro] new to bro, a few questions

anthony kasza anthony.kasza at gmail.com
Sun Feb 5 14:03:55 PST 2017

You may want to look at Bro's "bare mode". It starts Bro without many of
Bro's features.


On Feb 4, 2017 8:23 PM, "John Brown (isFaster)" <john at isfaster.com> wrote:

> Hi, I'm new to Bro and I'm wondering how I can do a couple of things:
> 1. I'd like to basically disable all of the various rules and detection
> stuff.
> 2. I'd like to create a simple rule that detects, say, DNS packets with
> cpsc.gov in the query or answer
> Figure it would be best to start simple and then build up rules (either my
> own, or others') as I need them. Sort of a K&R "Hello World" approach.
> Any specifics would be much appreciated.
> Thank you
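
A starting point for the two things asked about in this thread, as an added example that is not part of the original messages or of Bro's own scripts: bare mode plus one small script that reports DNS queries and answers for cpsc.gov. The file name, the `WatchDNS` module name, the `report` helper and `trace.pcap` are assumptions, as is the reading of "cpsc.gov in the query" as the domain and everything beneath it.

```bro
# watch-dns.bro -- added example, not from the original thread.
# Run in bare mode so that only the scripts loaded here are active:
#   bro -b -r trace.pcap watch-dns.bro      (trace.pcap is a placeholder)

# Bare mode skips the default protocol scripts, so load DNS explicitly;
# that script is what attaches the DNS analyzer to port 53.
@load base/protocols/dns

module WatchDNS;

export {
    # cpsc.gov itself and any name beneath it (assumed scope).
    const watched = /(.*\.)?cpsc\.gov/ &redef;
}

# Hypothetical helper: print one line when a name matches the pattern.
function report(c: connection, name: string, what: string)
    {
    # "==" between a pattern and a string is an exact, whole-string match.
    if ( watched == to_lower(name) )
        print fmt("%s %s for %s (client %s, server %s)",
                  network_time(), what, name, c$id$orig_h, c$id$resp_h);
    }

event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
    {
    report(c, query, "DNS query");
    }

event dns_A_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
    {
    report(c, ans$query, "DNS A answer");
    }

event dns_AAAA_reply(c: connection, msg: dns_msg, ans: dns_answer, a: addr)
    {
    report(c, ans$query, "DNS AAAA answer");
    }

event dns_CNAME_reply(c: connection, msg: dns_msg, ans: dns_answer, name: string)
    {
    # Check both the name being answered and the alias it points to.
    report(c, ans$query, "DNS CNAME answer");
    report(c, name, "DNS CNAME target");
    }
```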