Hello, I'm using Bro 1.0 with some success at high rates of traffic. I
would like to configure some automatic handling of
signature/portscans/etc. by parsing log output with SEC and syslog-ng. I set 'redef syslog_alarms = T;' in my site policy, after which Bro failed to start, giving this warning:
line 51 (syslog_alarms): error, "redef" used but not previously defined
I tried setting 'global enable_syslog = T &redef;' instead, but it didn't seem to put any of the warnings from signatures in syslog.
What is the proper way of doing this? Thanks.