[Bro] GEOIP
Seth Hall
hall.692 at osu.edu
Fri Sep 12 05:44:19 PDT 2008
On Sep 12, 2008, at 8:33 AM, Jim Bo wrote:
> Is there a way to extract the incoming IP addresses on ports 80 and
> 443 and run the IP addresses through GeoIP?
That's more or less what the script does that I sent to the list
(except for port 443). I guess I just don't know what end result
you're looking to get.
> Also is there any sort of
> documentation or even books that I can look at / buy that would help
> me with this type of stuff so that I don't have to keep bothering you?
The best current documentation is in the slides and related exercises
from the Bro workshop that took place last summer.
http://bro-ids.org/wiki/index.php/WorkshopMaterial
A *little* bit of documentation about the libGeoIP support can be
found here:
http://bro-ids.org/wiki/index.php/GeoLocation
There is also a lot of good material to be found in the manuals:
http://bro-ids.org/wiki/index.php/User_Manual
http://bro-ids.org/wiki/index.php/Reference_Manual
Hopefully that helps. Feel free to keep asking questions though.
.Seth