[Bro] Exporting bro alarms and notices

George Noseevich ngo at lvk.cs.msu.su
Thu Nov 10 05:07:41 PST 2011


Hello members of the mailing list.

What is the proper way to export alarms generated by bro for further
processing/import into another ids?

As far as I understand the docs, bro by default dumps generated alarms
to the file or can send them via email.  Is there a way to extend bro to
enable e.g. storing alarms in a database? Or maybe there is a way to
subscribe to alarms from broccoli-enabled custom app (though as far as I
understand the docs, via broccoli one can only subscribe to bro's
events, not alerts or notices)?

The only way to achieve alarm export I see at the moment is to parse the
logfile, which is obviously an ugly kludge.

Thanks in advance for your answers.

PS. And could you please clarify what is the current status of IDMEF
support in bro?

--
George.
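
As an added example (not part of George's post and not Bro's own code), here is a parser for the log-file route he mentions; it assumes the Bro 2.x ASCII log layout with `#separator`, `#fields` and `#types` header lines, and the notice rows in it are constructed samples, not real alarms:

```python
from typing import Dict, List

# Constructed sample notice log in the Bro 2.x ASCII writer format (an
# assumption: the post does not show its own log format). Header lines
# declare the separator, unset/empty markers, field names and field types.
SAMPLE_NOTICE_LOG = (
    "#separator \\x09\n"
    "#set_separator\t,\n#empty_field\t(empty)\n#unset_field\t-\n#path\tnotice\n"
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tnote\tmsg\tactions\n"
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tset[enum]\n"
    "1320930461.123456\tCXWv6p3arKYeMETxOg\t10.0.0.5\t51234\t10.0.0.9\t22\t"
    "SSH::Password_Guessing\t10.0.0.5 appears to be guessing SSH passwords\t"
    "Notice::ACTION_LOG,Notice::ACTION_EMAIL\n"
    "1320930470.000000\t-\t10.0.0.7\t40000\t10.0.0.9\t80\tScan::Port_Scan\t"
    "10.0.0.7 scanned 20 ports\tNotice::ACTION_LOG\n"
    "#close\t2011-11-10-13-08-00\n"
)

def parse_bro_log(text: str) -> List[Dict[str, object]]:
    """Turn Bro ASCII log text into records keyed by the #fields names.
    Unset columns become None, set[...]/vector[...] columns become lists,
    and time/count/int/port columns are converted to numbers."""
    sep, hdr, records = "\t", {}, []
    for line in text.splitlines():
        if line.startswith("#separator "):
            # The separator itself is written as an escape such as \x09.
            sep = line[len("#separator "):].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, _, value = line[1:].partition(sep)
            hdr[key] = value  # #path, #open, #close carry no record data
        elif line:
            fields, types = hdr["fields"].split(sep), hdr["types"].split(sep)
            cols = line.split(sep)
            if len(cols) != len(fields):
                raise ValueError("column count does not match #fields: %r" % line)
            rec: Dict[str, object] = {}
            for name, typ, raw in zip(fields, types, cols):
                if raw == hdr.get("unset_field", "-"):
                    rec[name] = None
                elif typ.startswith(("set[", "vector[")):
                    empty = raw == hdr.get("empty_field", "(empty)")
                    rec[name] = [] if empty else raw.split(hdr.get("set_separator", ","))
                elif typ == "time":
                    rec[name] = float(raw)
                elif typ in ("count", "int", "port"):
                    rec[name] = int(raw)
                else:
                    rec[name] = raw
            records.append(rec)
    return records
```

Each returned record is a plain dict, so it can be serialised as JSON or inserted into a database row without further string handling.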




