Lots of new features: https://www.bro.org/documentation/beta/NEWS.bro.html
Installed a test instance on FreeBSD 10.3.
    pkg install wget swig
    mkdir /opt
    wget https://www.bro.org/downloads/beta/bro-2.5-beta.tar.gz
    tar zxvf bro-2.5-beta.tar.gz
    # change into the extracted source tree before building
    cd bro-2.5-beta
    ./configure --prefix=/opt/bro && make && make install
Get some coffee.
I edited /opt/bro/share/bro/site/local.bro and uncommented VLAN logging, MAC logging, and SMB analyzer for testing.
I also edited /opt/bro/etc/node.cfg to contain the following load-balanced config.

    [manager]
    type=manager
    host=localhost
    #
    [proxy-1]
    type=proxy
    host=localhost
    #
    [worker-1]
    type=worker
    host=localhost
    interface=le0
    lb_method=pf_ring
    lb_procs=2

Install the configuration.

    root@luda:/opt/bro/bin # ./broctl
    Hint: Run the broctl "deploy" command to get started.

    Welcome to BroControl 1.5-beta

    Type "help" for help.

    [BroControl] > check
    manager scripts are ok.
    proxy-1 scripts are ok.
    worker-1-1 scripts are ok.
    worker-1-2 scripts are ok.
    [BroControl] > deploy
    checking configurations ...
    installing ...
    creating policy directories ...
    installing site policies ...
    generating cluster-layout.bro ...
    generating local-networks.bro ...
    generating broctl-config.bro ...
    generating broctl-config.sh ...
    stopping ...
    worker-1-1 not running
    worker-1-2 not running
    proxy-1 not running
    manager not running
    starting ...
    starting manager ...
    starting proxy-1 ...
    starting worker-1-1 ...
    starting worker-1-2 ...

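How the single [worker-1] section in node.cfg turns into the worker-1-1 and worker-1-2 processes seen in the broctl output, as an added example (not from the original post and not BroControl's own code). The function expand_nodes and its sanity checks are this example's own; the -N suffix naming is taken from the output above.

```python
import configparser

# The node.cfg from this post, embedded so the example runs offline.
NODE_CFG = """\
[manager]
type=manager
host=localhost
#
[proxy-1]
type=proxy
host=localhost
#
[worker-1]
type=worker
host=localhost
interface=le0
lb_method=pf_ring
lb_procs=2
"""

def expand_nodes(cfg_text):
    """Return (process_name, type, interface) tuples, one per process."""
    cfg = configparser.ConfigParser()
    cfg.read_string(cfg_text)
    nodes = []
    for name in cfg.sections():
        sec = cfg[name]
        ntype = sec.get("type")
        if ntype is None:
            raise ValueError(f"[{name}] has no type= line")
        procs = sec.getint("lb_procs", fallback=0)
        # Sanity checks chosen for this example (hypothetical, not BroControl's).
        if procs and ntype != "worker":
            raise ValueError(f"[{name}] lb_procs only applies to workers")
        if procs and not sec.get("lb_method"):
            raise ValueError(f"[{name}] lb_procs set without lb_method")
        iface = sec.get("interface")
        if procs:
            # One worker process per lb_procs, suffixed -1, -2, ...
            nodes += [(f"{name}-{i}", ntype, iface) for i in range(1, procs + 1)]
        else:
            nodes.append((name, ntype, iface))
    return nodes

if __name__ == "__main__":
    for proc, ntype, iface in expand_nodes(NODE_CFG):
        print(f"{proc:12} {ntype:8} {iface or '-'}")
```

Both worker processes share le0, so comparing this list against the names broctl reports is a quick way to confirm every configured sensor process actually started.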
A few new logs right off the bat: smb_files.log, smb_mappings.log, and dce_rpc.log.
More to come.