[Bro] How to Detect the attacks from the logs
Scott Runnels
srunnels at gmail.com
Fri Oct 5 04:46:39 PDT 2012
Hi Diwakar,
The current version of Bro is 2.1 and I think you'd be better served
running the more up-to-date version.
As for understanding logs, you can watch the videos from the 2011 Bro
Workshop at http://www.bro-ids.org/community/workshop2011.html
Vr
Scott
On Friday, October 5, 2012, Diwakar Dinkar wrote:
> Hi,
>
> I have installed BRO IDS 1.5.3. I have also installed Broctl. I have BRO
> IDS and Broctl in Ubuntu 12.04. I am a newbie to BRO IDS. I am not getting
> proper documentation regarding the BRO IDS. I have performed some Denial of
> Service attack like UDP Storm and TCP Sync attack on my system through some
> other systems in my network. Log is maintained in the directory
> usr/local/bro/logs. I am unable to understand the logs. I want to know the
> following things:
>
> 1. How to detect the attacks from the logs.
> 2. How to generate reports regarding attacks automatically
> 3. How to get the email regarding the reports.
>
> Please, help me regarding this. I will be highly obliged to you for this.
>
> --
> Best regards
> Diwakar Kumar Dinkar
> Project Fellow
> IIT Patna
> +91-7631740230
>
>
>
--
Scott Runnels