Hello!
Topic says it... newb that's just starting out with Bro-IDS. I'm looking at the below links:
http://www.bro.org/documentation/quickstart.html
http://www.bro.org/documentation/logging.html
First, how do I disable some of the whole modules? I don't need the communication.log or ssl.log, so I'd like to nuke those.
Second, how do I enable multiple interfaces (if possible)?
Lastly, is there a more readable format for the log files? Say, changing the timestamps to something a little more human-readable?
Thank you for anything you can assist with.
James