[Bro] Attach Barnyard2 to Bro2
Siwek, Jonathan Luke
jsiwek at illinois.edu
Mon Jan 27 10:14:31 PST 2014
On Jan 27, 2014, at 11:54 AM, Jeremy Cox <jeremy.cox at washk12.org> wrote:
> But I'm not sure where those alerts end up being logged in bro.
It produces a barnyard2.log.
Did you redef Communication::nodes to register Bro to receive the barnyard events? E.g. in site/local.bro put code like the following:
    @load policy/integration/barnyard2

    redef Communication::nodes += {
        ["local"] = [$host=127.0.0.1, $class="barnyard", $events=/Barnyard2::barnyard_alert/, $connect=F]
    };
- Jon