Hello,
Finally, I installed bro IDS (1.5.1) on my Ubuntu (9.10) machine. Of course, that was after the useful information I got from this mailing list. Thank you all.
So after:
./configure
make
make install-broctl
I did not do any sort of configuration; this is because I am not sure what I should do.
I do not want to use Bro for intrusion detection in real time. I am more interested in using it in forensics and intrusion analysis.
Shortly, I have several network binary files in PCAP and TCPDUMP format. I want to parse these files with Bro and get the bro alerts in machine-readable format (txt, csv, or whatever).
1- Is that possible (usually I use snort and it is very easy to accomplish, but I am planning to compare between Snort and Bro)?
2- What are the configurations that I need?
Thanks,
Sherif Saad
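The offline workflow the post is asking about, as an added example that is not part of the original message and not the poster's or the Bro project's own code. It assumes Bro's `-r <trace>` flag for reading a capture instead of a live interface (that flag exists); the default policy script name `mt` passed after the trace, the fact that Bro writes its logs into the current working directory, and the per-log field delimiter are assumptions you should check against your 1.5.1 install. The second function is a generic converter that turns a delimited text log into CSV, skipping `#`-prefixed lines and quoting fields that contain commas or quotes, so that any log Bro produces can be loaded into a spreadsheet or compared against Snort output.

```shell
#!/bin/sh
# Added example (not from the original post). Assumptions are marked below.

# Run Bro in offline mode on one capture file, writing its logs into a
# dedicated output directory so traces never overwrite each other's logs.
# Usage: run_bro_offline <pcap-or-tcpdump-file> <output-dir> [policy-script]
run_bro_offline() {
    # Make the trace path absolute before changing directory.
    pcap="$(cd "$(dirname "$1")" && pwd)/$(basename "$1")"
    outdir=$2
    policy=${3:-mt}   # ASSUMPTION: policy script name to load (Bro 1.x style)
    [ -r "$pcap" ] || { echo "cannot read $pcap" >&2; return 1; }
    mkdir -p "$outdir" || return 1
    # ASSUMPTION: Bro writes conn.log, notice.log etc. into the current
    # directory, hence the subshell cd; "-r" reads the trace offline.
    ( cd "$outdir" && bro -r "$pcap" "$policy" )
}

# Convert a delimited log on stdin to CSV on stdout.
# Usage: tsv_to_csv [delimiter]   (default: tab; pass ' ' for space-separated
# logs, since the delimiter differs between Bro log files)
tsv_to_csv() {
    delim=${1:-'\t'}
    awk -F "$delim" -v OFS=, '
        /^#/ { next }                      # drop comment / header lines
        {
            for (i = 1; i <= NF; i++) {
                f = $i
                # RFC 4180-style quoting: double embedded quotes, wrap field.
                if (f ~ /[",]/) { gsub(/"/, "\"\"", f); f = "\"" f "\"" }
                $i = f                     # reassigning a field rebuilds $0 with OFS
            }
            print
        }'
}

# Example driver (commented out so the file is safe to source):
#   for t in captures/*.pcap; do
#       run_bro_offline "$t" "out/$(basename "$t" .pcap)"
#   done
#   tsv_to_csv ' ' < out/sample/conn.log > out/sample/conn.csv
```

Run each trace into its own directory, then convert whichever log holds the events you care about; with one CSV per trace, lining Bro's results up against Snort's per-pcap alerts becomes a simple join on timestamp and connection tuple.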