[Bro] Adding policies & bro.cfg
Vern Paxson
vern at icir.org
Tue Jun 14 00:41:00 PDT 2005
[sorry for the delay in following up on this]
> There is an entry in the bro.cfg file for the 'start policy'. I am guessing
> that this is not 'local.site.bro' because that already lives in $BROHOME/etc
> and apparently gets called automatically. What typically goes in the start
> policy?
The convention we've used is that there's a file hostname.domain.tld.bro
(e.g., watcher.lbl.gov.bro) which corresponds to the specific config that's
running on the host hostname.domain.tld. This will for example load a
specific set of analyzers and redef "interfaces" to match the particular
hardware used by the host.
Vern