Hello all,
Is there a trick/option to make bro work with 802.1Q-tagged VLANs? I
have an interface that receives tagged frames, but it appears bro does
not reliably use the correct frame offsets. I suspect this may be an
artifact of the way libpcap handles vlans, but that's just a guess.
Perhaps I'm missing something obvious, so any suggestions are welcome.
Thanks,
Kevin Schmidt kps@ucsb.edu
Campus Network Programmer (805) 893-7779
Office of Information Technology (805) 893-5051 FAX
University of California, Santa Barbara
North Hall 2124
Santa Barbara, CA 93106-3201
Hello all,
I am wondering whether anyone has tried to direct bro logs into a mysql table or not.
If there's one available, I would like to share from you.
Otherwise I will create a simple perl/DBI interface by myself.
Thanks,
Hongjie
> I am wondering whether anyone has tried to direct bro logs into a mysql table or not.
Well, what do you mean by "log"? All contents of all files or alert.log
contents only?
I was thinking of doing the same thing for MySQL logging, but there seems
to be little value in that: the logs are pretty much free form text and no
sensible schema can be designed. RDBMS will be just as good as a plain
text file...
> Otherwise I will create a simple perl/DBI interface by myself.
Do share the code, if/when it's created.
Hongjie Xin wrote:
> Hello all,
> I am wondering whether anyone has tried to direct bro logs into a mysql table or not.
> If there's one available, I would like to share from you.
> Otherwise I will create a simple perl/DBI interface by myself.
> Thanks,
> Hongjie
Hi,
There is a patch for bro to get it to interoperate with prelude (which logs to a sql database).
Never tried it though.
John
Google found:
http://sylvain.detilly.free.fr/ids/download/