Sending Bro Logs to a Remote Syslog Server

Hello,

I am very new to Bro. I have an external Syslog server in my environment that I am trying to send logs to from Bro. I have been searching everywhere and following different tutorials/hints, but I am still having no luck. How should I go about doing this?

Thanks,
Michelle

The easiest way I’ve found to date is to use rsyslog to pick them up off the file system.

A good template/starting point can be found at https://github.com/lruppert/bro-scripts/blob/master/rsyslog/bro-ids.conf

Hope this helps.

-Carl

rsyslogd forwarding the logs with file monitoring.
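Both replies above point at the same approach: let rsyslog tail the Bro log files with its imfile module and forward each line to the remote collector. The configuration below is an added illustration of that setup, not Carl's linked bro-ids.conf and not part of any Bro or rsyslog project file. It assumes rsyslog 7 or newer (RainerScript syntax), a Bro install whose live logs are under /opt/bro/logs/current/ (adjust to your install path), and a collector reachable as syslog.example.net on TCP 514; all three are placeholders chosen for the example.

```conf
# /etc/rsyslog.d/bro-forward.conf  (example, assumed file name)
#
# Load the file-input module once; it is what lets rsyslog "pick up"
# Bro's logs off the file system as they are written.
module(load="imfile")

# One input per Bro log you want forwarded. The state file lets rsyslog
# resume where it left off after a restart instead of re-sending history.
# Tag/Facility/Severity are what the remote server will see in the syslog
# header, so pick values your collector can filter on.
input(type="imfile"
      File="/opt/bro/logs/current/conn.log"     # assumed Bro log path
      Tag="bro_conn:"
      Facility="local5"
      Severity="info"
      freshStartTail="on"                       # do not replay the whole file on first start
      ruleset="bro_forward")

input(type="imfile"
      File="/opt/bro/logs/current/notice.log"   # assumed Bro log path
      Tag="bro_notice:"
      Facility="local5"
      Severity="notice"
      freshStartTail="on"
      ruleset="bro_forward")

# Send the raw line unchanged (Bro's tab-separated or JSON record) inside
# a standard syslog message; RSYSLOG_ForwardFormat is a built-in template.
template(name="bro_line" type="string"
         string="<%PRI%>%TIMESTAMP:::date-rfc3339% %HOSTNAME% %syslogtag%%msg%\n")

# Dedicated ruleset so Bro traffic never mixes with the host's own syslog
# rules and never lands in /var/log/messages by accident.
ruleset(name="bro_forward") {
    action(type="omfwd"
           target="syslog.example.net"          # assumed collector hostname
           port="514"
           protocol="tcp"
           template="bro_line"
           queue.type="LinkedList"              # buffer locally if the collector is down
           queue.filename="bro_fwd_q"
           action.resumeRetryCount="-1")
}
```

Two practical notes on this layout. Bro rotates its logs, so watching the files in logs/current (which Bro rewrites on rotation) is what keeps imfile pointed at the live data; the `queue.filename` setting gives rsyslog a disk-assisted queue so a collector outage does not drop events. Plain TCP carries connection metadata in the clear across the network; rsyslog's omfwd can be switched to TLS with its `StreamDriver="gtls"` and `StreamDriverMode="1"` parameters once certificates are in place on both ends, which is worth doing before the forwarder leaves a lab segment.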