Bro IDS logging via Syslog

Ron_Jenkins · February 27, 2013, 6:51pm

Is there a way to have Bro v2.1 send via Syslog along with a log file?

Thanks!

Ron Jenkins (SnortCP, VCP (3/4), MCNE, CNE6, MCP,CCNA)

RMJ Consulting, LLC. “Bringing Companies and Solutions Together”

Makers of Active Response System(ARS) & Log Siphon

Owner / Senior Architect

Physical Address

11715 Bricksome Ave STE B-7

Baton Rouge, LA 70816

Mail Address

7575 Jefferson Hwy #103

Baton Rouge, LA 70806

Toll: 855-448-5214

Direct. 225-448-5214

Fax. 225-448-5324

Cell. 225-931-1632

Email. rjenkins@rmjconsulting.net

Web. http://www.rmjconsulting.net

ARS. http://www.rmjars.com

Linkedin. http://www.linkedin.com/profile/view?id=28564151&trk=tab_pro

jessebowling · February 27, 2013, 7:53pm

There is almost certainly a better way to do it within the Bro framework itself, but another option might be to use built in (?) rsyslog:

About halfway down there are instructions for using rsyslog’s imfile module to syslog Bro’s logs…

Cheers,

Jesse

Ron_Jenkins · February 27, 2013, 7:56pm

Thank you for the response!

I just completed setting syslog-ng and now have the log files sending via syslog to Log Siphon now.

I agree, that it would be great to have it built into the framework directly.

Have a good day!

Topic		Replies	Views
Log Siphon Decoding Bro IDS Events. Zeek	1	51	May 6, 2022
Sending Bro Logs to a Remote Syslog Server Zeek	3	109	May 6, 2022
- send syslog message via Bro Zeek	2	73	May 6, 2022
Bro v2.3 and MySQL Zeek	1	52	May 6, 2022
Bro +Splunk Zeek	5	90	May 6, 2022