[Bro] Bro not producing a notice.log

Mike Dopheide dopheide at gmail.com
Thu Apr 7 16:04:39 PDT 2016


I want to say that's likely because AWS disables promiscuous mode so
getting Bro to work requires some additional tricks.   Can anyone verify?

On Thursday, April 7, 2016, Paweł Piszczatowski <pawelec93 at googlemail.com>
wrote:

> I have a Bro cluster setup in the AWS cloud, currently just with one node.
> My problem is that Bro is not producing the notice.log, it should just log
> successful SSH logins but it doesn't. I have tried SSH and FTP bruteforcing
> the worker node and exceeding the limit of failed connections, again no
> notice.log. I can see the detect-bruteforcing.bro scripts loaded in the
> loaded_scripts.log. I am pretty new to Bro, so I am not sure what I am
> doing wrong.
>
> Regards,
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160407/0fbff160/attachment.html 


More information about the Bro mailing list