[Bro] Empty reports!!
Angelita de Cássia Corrêa
angelita at uol.com.br
Tue Jul 19 14:20:24 PDT 2005
Brian,
Do you have any news about the report project? I didn't obtain results
with the reports; they are generated empty. :(
And I need to analyse the alerts in detail. I need to identify whether alerts are
scans or some other kind of attack, or whether they are false positives. Do you
understand me?
The logs are not enough to obtain this information.
Thanks
Angelita
----- Original Message -----
From: "Brian Tierney" <BLTierney at lbl.gov>
To: "Angelita de Cássia Corrêa" <angelita at uol.com.br>
Cc: <Bro at bro-ids.org>; <bro at ICSI.Berkeley.EDU>
Sent: Monday, June 27, 2005 6:21 PM
Subject: Re: [Bro] Empty reports!!
The report generation component of Bro is very much still in the "pre-alpha" stages, and the student who was working on this is now working on another project.
I'll try to answer a couple of your questions:
1) scan reporting is off by default; the reports were too long with all the scans included (I'm not sure how to turn them on)
2) by default, the report scripts look for "yesterday's" data, so you have to collect 1 day's data, then run the report
3) there should be nothing in the /usr/local/bro/archive directory unless you are running the cron script: bro_log_compress.sh
You'll likely need to modify the report generation scripts by hand to get them to generate exactly what you want.
Hope this helps.
On Jun 21, 2005, at 11:29 AM, Angelita de Cássia Corrêa wrote:
> Administrators,
>
> I have bro version bro-0.9a9 running. I see files in /usr/local/bro/logs
> correctly, but the reports are empty.
>
> The other problem is the /usr/local/bro/archive directory is empty
> too.
>
> What can I do to generate the reports correctly?
>
> I tested with one and two interfaces (eth0 and eth1). I'm using Red
> Hat Enterprise ES 3.
>
> I saw the traffic using tcpdump.
>
>
> Thanks!
> Angelita
>
>
>
-------------------------------------------------------------------------------------------
Brian L. Tierney, Lawrence Berkeley National Laboratory (LBNL)
1 Cyclotron Rd. MS: 50B-2239, Berkeley, CA 94720
tel: 510-486-7381 fax: 510-495-2998 efax: 240-332-4065
bltierney at lbl.gov http://www-didc.lbl.gov/~tierney
------------------------------------------------------------------------------------------
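Brian's second point is the usual cause of an empty report: the report scripts read the previous day's logs, so if nothing non-empty exists for that day, the report has nothing to summarise. The following POSIX shell check is an added example for this thread, not a script from Bro or from either poster. It assumes (hypothetically) that the day appears in the log file names as YYYY-MM-DD; adjust the glob to whatever naming your Bro version actually uses. It counts only non-empty files, because a zero-byte log is exactly the case that yields an empty report.

```shell
#!/bin/sh
# Added example, not part of the original thread or of Bro itself.
# count_day_logs LOGDIR YYYY-MM-DD
#   Prints the number of non-empty log files in LOGDIR whose name
#   contains the given day, and returns 0 only if that number is > 0.
# Assumption (hypothetical): the day is embedded in the file name as
# YYYY-MM-DD. Change the glob below to match your Bro log naming.
count_day_logs() {
    logdir=$1
    day=$2
    n=0
    for f in "$logdir"/*"$day"*; do
        [ -f "$f" ] || continue   # an unmatched glob stays literal; skip it
        [ -s "$f" ] || continue   # zero-byte logs cannot feed a report
        n=$((n + 1))
    done
    echo "$n"
    [ "$n" -gt 0 ]
}

# yesterday: prints yesterday's date as YYYY-MM-DD.
# Uses GNU date syntax first, then the BSD/macOS form as a fallback.
yesterday() {
    date -d yesterday +%Y-%m-%d 2>/dev/null || date -v-1d +%Y-%m-%d
}

# Self-contained demonstration on a constructed temporary directory.
# It creates one real log for 2005-06-26, one empty log for the same day
# (which must not count) and one log for a different day.
demo() {
    tmp=$(mktemp -d)
    printf 'constructed sample conn record\n' > "$tmp/conn.2005-06-26.log"
    : > "$tmp/alarm.2005-06-26.log"
    printf 'constructed record\n' > "$tmp/conn.2005-06-27.log"
    if count_day_logs "$tmp" 2005-06-26; then
        echo "log data present for 2005-06-26; the report has input"
    else
        echo "no non-empty logs for 2005-06-26; expect an empty report"
    fi
    rm -rf "$tmp"
}

demo
```

On a live sensor the check you would actually run before the report job is `count_day_logs /usr/local/bro/logs "$(yesterday)"`; a result of 0 means the log collection, not the report scripts, is where to look first.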
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro