[Bro] BRO prelude sensor

Christian Kreibich christian at whoop.org
Wed Mar 1 07:02:14 PST 2006


Hi Ander,

On Wed, 2006-03-01 at 15:34 +0100, (ikasle) ander elexpuru wrote:
> Hi Everybody!!!
> I am new here and I would like your help.
> I am studying computer science and I am doing the final project in
> security. 
> I am running Bro 0.9a9 and I would like to make it a prelude sensor, and

there should be some existing work on this here:

  http://www.rstack.org/manux/

It's rather old, and as the author says, is "crappy code", which is
probably a good thing for your project. :)

For integrating Bro event communication with non-Bro applications, you
might find Broccoli (as of now included in the Bro distribution)
helpful:

http://www.cl.cam.ac.uk/~cpk25/broccoli/index.html

> also if it is possible to save alert information in a MySQL database.

That's a major feature we've been thinking of implementing for a while
now ourselves. It mainly hasn't happened yet due to lack of time. There
are a good deal of things to consider, and before you start hacking away
it'd make it vastly more likely for your changes to end up in the Bro
distribution if we could discuss things first. Basically, we would like
to have fully decoupled output modules, where a default one might log to
files as is currently done, another one to a database, etc.

I'd suggest starting with familiarizing yourself with the current
notice/alarm framework first. Focus on the development branch, not the
stable one.

Cheers,
Christian.
-- 
________________________________________________________________________
                                          http://www.cl.cam.ac.uk/~cpk25
                                                    http://www.whoop.org




