[Bro] Bro logging
Brian Tierney
bltierney at lbl.gov
Mon Feb 20 14:34:01 PST 2006
Sorry, but the manual is not correct re: 'redef syslog_alarms = T;'
However by default all alarms should be going to syslog, (see
bro.init: const enable_syslog = T &redef;)
You have alerts in your alarm file that are not in syslog? Maybe
check your syslog.conf file?
On Feb 20, 2006, at 8:35 AM, David Vasil wrote:
> Hello, I'm using Bro 1.0 with some success at high rates of
> traffic. I would like to configure some automatic handling of
> signature/portscans/etc by parsing log output with SEC and syslog-
> ng. I set 'redef syslog_alarms = T;' in my site policy after which
> Bro failed to start giving this warning:
>
> line 51 (syslog_alarms): error, "redef" used but not previously
> defined
>
> I tried setting 'global enable_syslog = T &redef;' instead, but it
> didn't seem to put any of the warnings from signatures in syslog.
>
> What is the proper way of doing this? Thanks.
>
> --
> | David Vasil <dmvasil at ornl.gov>
> | Oak Ridge National Laboratory NCCS Division
> | High Performance Computing Systems Administrator
> | Bldg: 5600-A115 Phone: (865)241-5562
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------------------------------------------------------------------------------------
Brian L. Tierney, Lawrence Berkeley National Laboratory (LBNL)
1 Cyclotron Rd. MS: 50B-2239, Berkeley, CA 94720
tel: 510-486-7381 fax: 510-495-2998 efax: 425-642-4558
bltierney at lbl.gov http://dsd.lbl.gov/~tierney
------------------------------------------------------------------------------------------
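The check suggested in the reply above (alarms present in Bro's alarm file but never arriving in syslog) can be automated. The script below is an added example and is not code from the post or from the Bro project. It assumes, because the post does not say, that Bro's syslog records carry the program tag "bro" and that each alarm-file line is a timestamp followed by the same message text that gets syslogged; both the sample alarm lines and the sample syslog lines are constructed for illustration and are not real Bro 1.0 output.

```python
"""Cross-check a Bro alarm file against syslog.

Reports alarm-file entries that have no matching message in syslog, so a
missing or mis-targeted syslog.conf rule shows up as a concrete list of
dropped alarms rather than a vague suspicion.
"""
from __future__ import annotations

import re
from typing import Dict, Iterable, List, Optional, Set

# Classic BSD syslog line: "Mon DD HH:MM:SS host program[pid]: message"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<prog>[^\[:\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)

# ASSUMPTION: Bro tags its syslog records with this program name.
# Adjust to whatever your own syslog shows for Bro.
SYSLOG_PROGRAM = "bro"

# Constructed sample data (not real Bro output): timestamp then message text.
SAMPLE_ALARM_FILE = """\
1140468841.12 PortScan 192.0.2.10 has scanned 100 hosts (22/tcp)
1140468850.55 SensitiveSignature 192.0.2.20 -> 198.51.100.5: sig match ssh-bruteforce
1140468860.00 AddressScan 192.0.2.30 has scanned 50 hosts
"""

# Constructed sample syslog: one of the three alarms never made it here.
SAMPLE_SYSLOG = """\
Feb 20 14:34:01 mon1 bro: PortScan 192.0.2.10 has scanned 100 hosts (22/tcp)
Feb 20 14:34:10 mon1 sshd[123]: Accepted publickey for alice from 192.0.2.1
Feb 20 14:34:20 mon1 bro: AddressScan 192.0.2.30 has scanned 50 hosts
"""


def parse_syslog(lines: Iterable[str]) -> List[Dict[str, Optional[str]]]:
    """Parse BSD-style syslog lines; lines that do not match are skipped."""
    records = []
    for line in lines:
        m = SYSLOG_RE.match(line.rstrip("\n"))
        if m:
            records.append(m.groupdict())
    return records


def bro_syslog_messages(lines: Iterable[str]) -> Set[str]:
    """Message text of every syslog record tagged with the Bro program name."""
    return {r["msg"] for r in parse_syslog(lines) if r["prog"] == SYSLOG_PROGRAM}


def alarm_messages(lines: Iterable[str]) -> List[str]:
    """Strip the leading timestamp field from each alarm-file line (assumed format)."""
    messages = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            messages.append(parts[1])
    return messages


def alarms_missing_from_syslog(alarm_lines: Iterable[str],
                               syslog_lines: Iterable[str]) -> List[str]:
    """Alarm-file messages, in file order, that never appeared in syslog."""
    seen = bro_syslog_messages(syslog_lines)
    return [msg for msg in alarm_messages(alarm_lines) if msg not in seen]


def run_example() -> List[str]:
    """Run the check over the constructed sample data."""
    return alarms_missing_from_syslog(SAMPLE_ALARM_FILE.splitlines(),
                                      SAMPLE_SYSLOG.splitlines())


if __name__ == "__main__":
    for msg in run_example():
        print("not in syslog:", msg)
```

Point the two inputs at the real alarm file and syslog file (for example with `open(path)` in place of the sample strings); an empty result means every alarm reached syslog, while a non-empty one is the list to compare against the facility and priority selectors in syslog.conf.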