This repository has been archived by the owner on Jun 27, 2020. It is now read-only.

activecm/bro-install

Bro-Install

An Installation Script for Bro IDS on Debian Based Systems

This script compiles Bro-IDS with PF_RING support on Debian-based systems. It will also assist in setting up a clustered configuration.

Please note that this type of installation is intended for environments where performance is key. The typical setup assumes that you have one or more interfaces dedicated to capturing traffic (i.e. receive only). These interfaces will be completely taken over for capturing traffic and cannot be used for any other purpose.

  1. Run sudo ./setup.sh. This will install PF_RING to /usr/local/pfring/ and Bro to /usr/local/bro/.
  2. Run sudo gen-node-cfg.sh to automatically generate a node.cfg configuration file for your system.
  3. Edit broctl.cfg in /usr/local/bro/etc to further tune your interfaces for performance. Uncomment the line #interfacesetup.enabled=1 to enable.
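
An added example, not part of this repository: a POSIX shell check that reads a BroControl node.cfg, such as the one step 2 generates, and flags worker sections that are not set up for PF_RING load balancing. The keys `lb_method` and `lb_procs` are standard BroControl settings; the function names are hypothetical and the sample config is constructed, not output of gen-node-cfg.sh.

```shell
#!/bin/sh
# Added example: audit the worker sections of a BroControl node.cfg.
# Assumption: standard BroControl keys (type, interface, lb_method, lb_procs).

# check_node_cfg [FILE]: reads FILE (or stdin) and prints one line per worker:
#   <section> <interface> <lb_method> <lb_procs> <OK|WARN:reason>
# Exit status is 0 only when every worker is OK.
check_node_cfg() {
    awk '
    function val(k) { return (k in kv && kv[k] != "") ? kv[k] : "-" }
    function report(   verdict) {
        if (sec == "" || val("type") != "worker") return
        verdict = "OK"
        if (val("interface") == "-")            verdict = "WARN:no-interface"
        else if (val("lb_method") != "pf_ring") verdict = "WARN:lb_method-not-pf_ring"
        else if (val("lb_procs") + 0 < 1)       verdict = "WARN:lb_procs-not-set"
        if (verdict != "OK") bad = 1
        print sec, val("interface"), val("lb_method"), val("lb_procs"), verdict
    }
    {
        line = $0; gsub(/^[ \t]+|[ \t\r]+$/, "", line)
        if (line == "" || line ~ /^[#;]/) next
        if (line ~ /^\[.*\]$/) {          # new section: report the previous one
            report(); sec = substr(line, 2, length(line) - 2); split("", kv); next
        }
        eq = index(line, "=")
        if (eq > 1) {                     # key=value, tolerating spaces around "="
            k = substr(line, 1, eq - 1); v = substr(line, eq + 1)
            gsub(/[ \t]+$/, "", k); gsub(/^[ \t]+/, "", v); kv[k] = v
        }
    }
    END { report(); exit (bad ? 1 : 0) }
    ' "$@"
}

sample_node_cfg() {   # constructed sample, trimmed (host= lines omitted)
    cat <<'EOF'
[manager]
type=manager
[worker-1]
type=worker
interface=eth1
lb_method=pf_ring
lb_procs=4
[worker-2]
type=worker
interface=eth2
EOF
}
# Stand-alone run: audit the file named in $1, else the constructed sample.
if [ -r "${1:-}" ]; then check_node_cfg "$1"; else sample_node_cfg | check_node_cfg || true; fi
```

On the constructed sample, worker-1 is reported OK and worker-2 is flagged because it has no `lb_method=pf_ring`; pass the path of your own node.cfg as the first argument to audit it.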

Resources:

Verified Systems

This script has been tested on:

  • Ubuntu 16.04 LTS

If you successfully use this script on your system, please submit a PR adding your OS to this list.
