[Bro] Bro logging
David Vasil
dmvasil at ornl.gov
Mon Feb 20 08:35:58 PST 2006
Hello, I'm using Bro 1.0 with some success at high rates of traffic. I
would like to configure some automatic handling of
signature/portscans/etc by parsing log output with SEC and syslog-ng. I
set 'redef syslog_alarms = T;' in my site policy, after which Bro failed
to start, giving this warning:
line 51 (syslog_alarms): error, "redef" used but not previously defined
I tried setting 'global enable_syslog = T &redef;' instead, but it didn't
seem to put any of the warnings from signatures in syslog.
What is the proper way of doing this? Thanks.
--
| David Vasil <dmvasil at ornl.gov>
| Oak Ridge National Laboratory NCCS Division
| High Performance Computing Systems Administrator
| Bldg: 5600-A115 Phone: (865)241-5562