I have been toying with a set of scripts for some time now to help those that use or plan to use bro.
In my opinion, there needs to be more consistency in bro implementations (I have now seen a few) to actually be able to provide any further supplementary scripts and applications that can help in making the use of bro as effective as possible.
What I have done is to compile a set of scripts that comprise a base environment in which bro can run. Since they get bro up and going with many re-usable aspects, I have dubbed my set of scripts BRA (the Bro Re-usable Architecture). These scripts are meant to complement the use of bro in an environment and are independent of any bro policies used.
The main features of BRA are:
1) The BRA environment encapsulates and provides wrapper functions for running Bro.
2) All of the scripts are written in Perl for consistency.
3) All of the scripts use one single configuration file (~/etc/config.cf).
4) All of the scripts are meant to be small and take up little disk space, memory and CPU.
5) Provide a means to 'checkpoint' or 'restart' a Bro instantiation without loss of network traffic analysis.
6) Provide a default set of reports that are sent to those using Bro (coming in next release).
7) Help organize the log files for later use.
Please feel free to download the initial BRA release (this is a very early alpha release) from here:
This is just the bare-bones version that I am releasing, as I have a more robust setup for myself. Eventually I'll add the pieces that make the most sense, or that are found to be the most useful, in updates.
I am very interested in feedback, suggestions or other comments to further provide a bro environment that folks find to be pleasing and useful.
NOTE: The BRA setup does not provide any software such as bro. You will need to download and compile bro independently.