Hi there
Just wondering what could be the options to compile bro under windows environment?
Thanks,
The first rule of the Bro environment:
You do not talk about the windows environment.
The second rule of the Bro environment:
You DO NOT talk about the windows environment.
(Okay, seriously: we have no intention to support Bro on Windows. If you
really really have to, you could try the Cygwin/MinGW route, but it'll
likely be painful. You might have more luck with setting up a Linux box
in a virtual machine and running everything in there, though it might
get tricky to get Bro to tap into the right traffic.)
Cheers,
Christian.
Jules wrote:
Hi there
Just wondering what could be the options to compile bro under windows
environment?
I actually had Bro running on my windows laptop under Cygwin last year
(I call it WinBro), to see if it could be done, first of all, and to see
what added value it could bring. Were I to be persuaded to work on it
further, I'd probably use mingw instead - although cygwin is still a
viable option. I found out several things:
1. Bro people are less than enthusiastic about Windows
2. It seemed to add value as a way for internal hosts to have a
lightweight IDS capability, which could potentially report back to a
central station.
3. It adds a dimension to internal monitoring that e.g. Netflow doesn't
have, as it gives the opportunity for detection of intra-subnet scanning
or other malicious activities.
If anyone is interested in being my partner in crime, I would be happy
to dust off my notes, and have another go at it.
Maybe I need to stress that I was referring only to Bro itself. If you
want to feed Windows host-based information into your monitoring setup,
for example, then Broccoli is very much an option. I can't guarantee
that it'll currently build out of the box on Windows, but I successfully
ran Windows Broccoli apps a while back. Having Broccoli work on as many
platforms as possible is definitely our intention, and patches as well
as experience reports are very welcome.
Cheers,
Christian.