The Bro IDS is great at analyzing network traffic, and it is very capable of detecting and logging the issues it finds in that traffic. It’s amazing that an open-source project has progressed this far. This post covers configuring Bro and running it.
- Prerequisites for Bro IDS are installed, including:
  - Other needed packages
- OS settings are adjusted, including:
  - Memory/buffers settings are adjusted
- Bro is compiled
- Plugins are compiled and installed, including:
- Setcap (which enables some permissions for non-root users)
This section will go into configuring various settings in Bro, then starting Bro. We’ll also explore how to check on the health of Bro.