Good Afternoon.
My questions are as follows:
Q1. I can not solve the problem when doing bro_config, and the command lines are in the attached file config.txt .
I do not know whether my configuration is setup right.
Because I only get a log file in the /usr/local/bro/logs fold (in the attached file info.localhost.09-06-25_13.25.33).
In the /usr/local/bro/reports folder there is no report file.
Are the report generated automatically? Or shuld I generate it by hand?
Q2. In the quick-Start file, I find that the report example. At the end of the report, there is a list of connections(only first 25 after alarm are listed).
I want to ask: if there is no alarm, will there be no connections list (such as time and byte information)?
And Bro can list only first 25 connections after alarm ?
If I want the information of all connections, how can I get that?
Thank you very much!
I am looking forward for your reply.
config.txt (1.88 KB)
info.localhost.09-06-25_13.25.33 (2.03 KB)