[Bro] A question on barnyard2 integration
James Lay
jlay at slave-tothe-box.net
Tue Jul 29 09:14:50 PDT 2014
On 2014-07-29 09:26, James Lay wrote:
> Ok actually two questions:
>
> 1) I'm not able to get this to load with either:
>
> @policy/integration/barnyard2
> @integration/barnyard2
>
> And from barnyard2 docs:
>
> alert_bro
>
>
> ----------------------------------------------------------------------------
>
> Purpose: Send alerts to a Bro-IDS instance.
>
> Arguments: hostname:port
>
> Examples:
> output alert_bro: 127.0.0.1:47757
>
> How do I set the port that bro listens to? Thank you.
>
> James
Ok I've got this loading now with the below in local.bro:
@load policy/integration/barnyard2
tail: loaded_scripts.log: file truncated
/usr/local/bro/share/bro/policy/integration/barnyard2/__load__.bro
/usr/local/bro/share/bro/policy/integration/barnyard2/types.bro
/usr/local/bro/share/bro/policy/integration/barnyard2/main.bro
The next bit...how do I tell bro to open a listening port? Thank you.
James
More information about the Bro
mailing list