I was thinking of doing the same thing for MySQL logging, but there seems
to be little value in that: the logs are pretty much free form text and no
sensible schema can be designed.
Note that with Bro 0.8's "ALERT" framework, there's an opportunity to now
define such schemas. That indeed was one of the motivations behind
instituting it, though the policy scripts don't yet make full use of it.
I am a newcomer. I encountered difficulty when I installed Bro after compiling the source files. I used the command 'make install' after executing './configure' and 'make'. But 'make install' raised the error "Recursive variable 'INSTALL' references itself". I am wondering how to resolve this problem, or whether there are any other ways of installing Bro.
Thanks in advance!