[Bro] HELP!
Slagell, Adam J
slagell at illinois.edu
Wed Aug 15 15:24:27 PDT 2012
Or use the conn.log
Sent from my mobile
On Aug 15, 2012, at 5:03 PM, "Mike Sconzo" <sconzo at visiblerisk.com> wrote:
> I'm probably way off base here, but since you mention netflow, why not use it?
>
> On Wed, Aug 15, 2012 at 4:02 PM, Alex Tarter <Alex.Tarter at ultra-3eti.com> wrote:
>> Robin,
>>
>> I was wondering if you could help us out. We've been hitting our head
>> against the wall trying to get Bro doing what we need and we're running out
>> of time. We need to get a simple demo done by the end of the month that we
>> thought would be simple to do in Bro but is fast becoming a nightmare!
>>
>> I know you guys are busy, but could you assist?
>>
>> What we want to do is simple:
>> 1. Track the amount of TCP traffic over the course of an hour and log it
>> 2. If the amount of traffic over one hour goes above a certain amount then
>> raise an alarm - hopefully spawn a process to send an SNMP trap rather than
>> send an email
>> 3. Record the netflow info of each connection in a log
>>
>> It's that simple!
>>
>> We probably sound like idiots, but for some reason we can't work out how to
>> do it. Anything you could do to point us in the right direction would be
>> great.
>>
>> If we could possibly have a telecom as well, then we'd be ecstatic :)
>>
>> Much obliged, and I hope your Bro-Exchange went well
>>
>> Alex
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
>
> --
> cat ~/.bash_history > documentation.txt
>
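
The conn.log suggestion at the top of this message, sketched as an added example that is not part of the original thread: a parser that sums TCP bytes per hour from Bro's tab-separated conn.log and reports the hours above a threshold. The function names, the threshold and the sample rows are assumptions constructed for illustration; sending the alert (for instance as an SNMP trap) is left to the caller.

```python
from collections import defaultdict

# Constructed sample in Bro's tab-separated conn.log layout (not real traffic).
SAMPLE_CONN_LOG = [
    "#separator \\x09",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p"
    "\tproto\tservice\tduration\torig_bytes\tresp_bytes",
    "1345068000.10\tCa1\t10.0.0.5\t49152\t192.0.2.10\t80\ttcp\thttp\t1.2\t500\t150000",
    "1345069200.00\tCa2\t10.0.0.6\t49153\t192.0.2.10\t22\ttcp\tssh\t-\t1200\t-",
    "1345070000.50\tCa3\t10.0.0.5\t5353\t192.0.2.53\t53\tudp\tdns\t0.1\t60\t120",
    "1345071600.00\tCa4\t10.0.0.7\t49154\t192.0.2.10\t443\ttcp\tssl\t3.0\t300\t700",
    "1345073000.00\tCa5\t10.0.0.7\t49155\t192.0.2.11\t80\ttcp\t-\t-\t-\t-",
]


def _count(value):
    """Bro writes '-' for an unset field; count that as zero bytes."""
    return 0 if value in ("-", "") else int(value)


def hourly_tcp_bytes(lines):
    """Sum orig_bytes + resp_bytes of TCP connections per hour bucket.

    Buckets are keyed by the epoch second at which the hour starts. A
    connection is counted in the hour of its start time (ts), even if it
    ran past the end of that hour.
    """
    fields, totals = None, defaultdict(int)
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]   # column names follow the tag
            continue
        if not line or line.startswith("#"):
            continue                        # other metadata lines
        if fields is None:
            raise ValueError("no #fields header before data rows")
        row = dict(zip(fields, line.split("\t")))
        if row.get("proto") != "tcp":
            continue
        hour = int(float(row["ts"])) // 3600 * 3600
        totals[hour] += _count(row["orig_bytes"]) + _count(row["resp_bytes"])
    return dict(totals)


def hours_over(totals, threshold_bytes):
    """Return the hour buckets whose TCP byte total exceeds the threshold."""
    return sorted(h for h, total in totals.items() if total > threshold_bytes)
```

Because conn.log entries are written when a connection ends, a long-lived connection only shows up in its starting hour's total after it closes.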