[Bro] Documentation and getting started.

Jim Mellander jmellander at lbl.gov
Mon Oct 16 12:20:28 PDT 2017


Hi Daniel:

Check this link for info on the bro directory structure that may help you:
https://www.bro.org/sphinx/install/release-notes.html#script-organization

As far as monitoring a bridged interface, there should be no problem, as
long as bro can access the interface.  If you're not running as root, see:
https://www.bro.org/documentation/faq.html#how-can-i-capture-packets-as-an-unprivileged-user

Does tcpdump provide expected output when run against br0?

Hope this helps,

Jim




On Mon, Oct 16, 2017 at 9:49 AM, Sniper <daniel_aka_sniper_d at hotmail.com>
wrote:

> Hello Everyone,
>
> Is there a reference page on all the default installation directory
> locations, by any chance? $PREFIX just makes it a very long process
> establishing where all the files are located. If not, I think this would
> be excellent for beginners like me.
>
> Also, I have created a bridge interface that I want to monitor using
> ubuntu/bro by connecting two hosts. For some reason I can't seem to
> generate any logs in /usr/local/bro/logs/ (no 'current' folder when bro
> is started as in the documentation). Is it even possible to monitor a
> bridge interface using bro on the same host? I have already changed
> node.cfg interface to br0.
>
> There are no tutorials anywhere on how to actually get started. I tried to
> follow the instructions but still no luck; I've been wasting days on
> this. If someone could point me in the right direction I'll greatly
> appreciate it.
>
> Kind regards
>
> Daniel