[Bro] Bro-IDS integration to sguil

Jean-Philippe Luiggi jp.luiggi at free.fr
Tue Jul 4 11:09:59 PDT 2006


Hello Lee,

The question is what sort of data sguil is waiting for:
text, binaries, syslog?

Bro is able to send data using various methods, so as soon as
we know what we need to send, we'll see how to do this.

Best regards.

PS: I find your idea very good.

Best regards.

On Tue, Jul 04, 2006 at 07:27:56AM -0700, Lee Sheng wrote:
> Hi all, I think I had previously mentioned the
> availability of brooery, and Christian has replied
> with the answer that brooery is not ready yet and
> recommended that I try sguil. I have been a long-time user
> of sguil in a production environment, and I would
> like to see the integration of bro-ids to provide
> alert data to sguil.
> 
> While sguil integrates 4 forms of data, including alert
> data that is provided by snort, I think it's possible
> to have bro-IDS alert data sent to sguil as well. I
> have talked to the core developer of sguil - Bamm, and
> he told me that it can be done by having bro talk
> to the sensor_agent.tcl.
> 
> I'm not that familiar with bro compared to snort,
> thus I would like to know of any pointers and references
> that can help me to complete the integration of bro to
> sguil. Many thanks.
> 
> I think it would be lovely to have it done.