How to Detect the attacks from the logs

Diwakar_Dinkar · October 5, 2012, 9:44am

Hi,

I have installed BRO IDS 1.5.3. I have also installed Broctl. I have BRO IDS and Broctl in Ubuntu 12.04. I am newbie to BRO IDS. I am not getting proper documentation regarding the BRO IDS.I have performed some Denial of Service attack like UDP Storm and TCP Sync attack on my system through some other systems in my network. Log is maintained in the directory usr/local/bro/logs. I am unable to understand the logs. I want to know the following things:

how to detect the attacks from the logs.
How to generate reports regarding attacks automatically
How to get the email regarding the reports.

Please, help me regarding this. I will be highly obliged to you for this.

Scott_Runnels · October 5, 2012, 11:46am

Hi Diwakar,

The current version of Bro is 2.1 and I think you’d be better served running the more up-to-date version.

As for understanding Logs you can watch the videos from the 2011 Bro Workshop at http://www.bro-ids.org/community/workshop2011.html

Vr
Scott

Topic		Replies	Views
bro ids icmp and attack signatures Zeek	4	65	May 6, 2022
Bro for Beginners/Logging SSL Certificate Zeek	2	51	May 6, 2022
some puzzles about the usage of bro Zeek	2	42	May 6, 2022
Looking for a tool detecting abusing IPs Zeek	2	64	May 6, 2022
Using Bro IDS in offline analysis Zeek	3	55	May 6, 2022

How to Detect the attacks from the logs

Related Topics