BRA: The Bro Re-usable Architecture (release 0.1a) -- A set of scripts to help in using and setting up a Bro environment.
Christopher Jay Manders
Chris.Manders at UnixHelpDesk.COM
Sat Jul 5 19:42:23 PDT 2003
Hi,
I have been toying with a set of scripts for some time now to help those
that use or plan to use bro.
In my opinion, there needs to be more consistency in bro implementations
(I have now seen a few) to actually be able to provide any further
supplementary scripts and applications that can help in making the use
of bro as effective as possible.
What I have done is to compile a set of scripts that comprise a base
environment in which bro can run. Since they get bro up and going with
many re-usable aspects, I have dubbed my set of scripts BRA (the Bro
Re-usable Architecture). These scripts are meant to complement the use
of bro in an environment and are independent of any bro policies used.
The main features of BRA are:
1) The BRA environment encapsulates and provides wrapper functions for
running Bro.
2) All of the scripts are written in PERL for consistency.
3) All of the scripts use one single configuration file (~/etc/config.cf).
4) All of the scripts are meant to be small and take up little disk
space, memory and CPU.
5) Provide a means to 'checkpoint' or 'restart' a Bro instantiation
without loss of network traffic analysis.
6) Provide a default set of reports that are sent to those using Bro
(coming in next release).
7) Help organize the log files for later use.
Please feel free to download the initial BRA release (this is a very
early alpha release) from here:
http://www.UnixHelpDesk.COM/~cmanders/projects/bra.html
This is just the bare-bones version that I am releasing, as I have a
more robust setup for myself. Eventually I'll add the pieces that make
the most sense, or that are found to be the most useful, in updates.
I am very interested in feedback, suggestions or other comments to
further provide a bro environment that folks find to be pleasing and
useful.
NOTE: The BRA setup does not provide any software such as bro. You will
need to download and compile bro independently.
Cheers!
Christopher