[Bro] Using Bro IDS in offline analysis
ssm_as
ssm_as at yahoo.com
Fri Feb 12 07:36:38 PST 2010
Hello,
Finally, I installed Bro IDS (1.5.1) on my Ubuntu (9.10) machine. Of course, that was after the useful information I got from this mailing list. Thank you all.
So after:
./configure
make
make install-broctl
I did not do any sort of configuration because I am not sure what I should do.
I do not want to use Bro for intrusion detection in real time. I am more interested in using it in forensics and intrusion analysis.
In short, I have several network binary files in PCAP and TCPDUMP format. I want to parse these files with Bro and get the Bro alerts in a machine-readable format (txt, csv, or whatever).
1- Is that possible? (Usually I use Snort and it is very easy to accomplish, but I am planning to compare Snort and Bro.)
2- What are the configurations that I need?
Thanks,
Sherif Saad