I’ve installed Bro IDS on my computer, and I want to know whether it is possible to make Bro generate pcap logs, because I want to use Wireshark to analyze Bro logs.
Another question: has anyone tried Splunk to analyze Bro logs? Can anyone give me some advice?
Any help would be great. Thank You.
Bro can analyze pcaps, but it doesn't generate them.
Wireshark isn't really a log analyzer, but a raw traffic analyzer/GUI.
There are Bro plugins for Splunk. It works well.
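Since the thread is about getting Bro logs into an analysis tool such as Splunk, here is an added example, not code from the Bro project or from the Splunk add-on mentioned above, of parsing Bro's ASCII log format (the #separator, #fields, #types, #unset_field, #empty_field and #set_separator header lines) into typed records and emitting newline-delimited JSON, which is the shape most log shippers ingest. The sample conn.log is constructed, with RFC 5737 documentation addresses and made-up uids; the helper names parse_bro_log, count_by and to_ndjson are my own.

```python
"""Parse Bro ASCII logs (e.g. conn.log) into typed dicts and NDJSON.

Added example for this thread; not Bro's or Splunk's own code. The log
below is constructed; the header layout is Bro's standard ASCII format.
"""
import json

# Constructed sample: a shortened conn.log with three connections.
SAMPLE_CONN_LOG = """\
#separator \\x09
#set_separator\t,
#empty_field\t(empty)
#unset_field\t-
#path\tconn
#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes\tresp_bytes\tconn_state\thistory
#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount\tcount\tstring\tstring
1300475167.096535\tCXWv6p3arKYeMETxOg\t192.0.2.10\t49152\t198.51.100.5\t80\ttcp\thttp\t0.123\t512\t4096\tSF\tShADadFf
1300475168.500000\tC4J4Th3PJpwUYZZ6gc\t192.0.2.11\t53401\t198.51.100.53\t53\tudp\tdns\t0.002\t40\t120\tSF\tDd
1300475170.000000\tCjhGID4nQcgTWjvg4c\t192.0.2.12\t44321\t203.0.113.9\t445\ttcp\t-\t-\t-\t-\tS0\tS
#close\t2011-03-18-19-06-13
"""


def _convert(value, typ, meta):
    """Convert one field using the #types declaration for its column."""
    if value == meta["unset_field"]:
        return None
    is_container = typ.startswith(("set[", "vector["))
    if value == meta["empty_field"]:
        return [] if is_container else ""
    if is_container:
        inner = typ[typ.index("[") + 1:-1]
        return [_convert(v, inner, meta) for v in value.split(meta["set_separator"])]
    if typ in ("count", "int", "port"):
        return int(value)
    if typ in ("time", "interval", "double"):
        return float(value)
    if typ == "bool":
        return value == "T"
    return value  # string, addr, enum, subnet: keep as text


def parse_bro_log(text):
    """Parse a Bro ASCII log into a list of dicts with typed values.

    Honors #separator, #set_separator, #empty_field, #unset_field, #fields
    and #types; other '#' lines (#path, #open, #close) are skipped.
    """
    meta = {"separator": "\t", "set_separator": ",",
            "empty_field": "(empty)", "unset_field": "-"}
    fields, types, records = [], [], []
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#separator "):
            # The separator value is written escaped, e.g. "\x09" for a tab.
            escaped = line.split(" ", 1)[1]
            meta["separator"] = escaped.encode("ascii").decode("unicode_escape")
            continue
        if line.startswith("#"):
            key, _, value = line[1:].partition(meta["separator"])
            if key == "fields":
                fields = value.split(meta["separator"])
            elif key == "types":
                types = value.split(meta["separator"])
            elif key in ("set_separator", "empty_field", "unset_field"):
                meta[key] = value
            continue
        if not fields or len(types) != len(fields):
            raise ValueError("data line before a complete #fields/#types header")
        values = line.split(meta["separator"])
        if len(values) != len(fields):
            raise ValueError(f"expected {len(fields)} fields, got {len(values)}: {line!r}")
        records.append({f: _convert(v, t, meta) for f, v, t in zip(fields, values, types)})
    return records


def count_by(records, field):
    """Count records by the value of one field (a quick sanity check)."""
    counts = {}
    for rec in records:
        counts[rec.get(field)] = counts.get(rec.get(field), 0) + 1
    return counts


def to_ndjson(records):
    """One JSON object per line; unset fields become JSON null."""
    return "\n".join(json.dumps(rec) for rec in records)


if __name__ == "__main__":
    recs = parse_bro_log(SAMPLE_CONN_LOG)
    print(count_by(recs, "proto"))
    print(to_ndjson(recs))
```

Note that the unset marker "-" is turned into null rather than left as a literal dash, so a search for connections with no identified service matches on a real null instead of a string; that is the kind of typing the Splunk add-on does for you and the reason raw Bro logs should not simply be indexed as free text.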
Bro can generate pcap files with the "-w" command-line option.
bro -i eth0 -w output.pcap
Keep in mind that you aren't analyzing Bro logs in this way, though. If all you want are pcaps, tcpdump should suffice. If you want both, this is a good solution.