[Bro] Attach Barnyard2 to Bro2

Siwek, Jonathan Luke jsiwek at illinois.edu
Mon Jan 27 10:14:31 PST 2014


On Jan 27, 2014, at 11:54 AM, Jeremy Cox <jeremy.cox at washk12.org> wrote:

> But I'm not sure where those alerts end up being logged in bro.

It produces a barnyard2.log.

Did you redef Communication::nodes to register Bro to receive the barnyard events?  E.g. in site/local.bro put code like the following:

    @load policy/integration/barnyard2
    redef Communication::nodes += {
        ["local"] = [$host=127.0.0.1, $class="barnyard", $events=/Barnyard2::barnyard_alert/, $connect=F]
    };

- Jon


