The Bro IDS is great at analyzing network traffic, and it is very capable at detecting and logging the issues it finds in that traffic. It’s amazing that an open-source project has progressed this far. This post covers configuring Bro and running it.

Let’s review what we have covered in part one and part two of this guide:

  • Prerequisites for Bro IDS are installed, including:
    • PF_RING
    • Other needed packages
  • OS settings are adjusted, including:
    • Firewall/IPTables
    • Memory/buffers settings are adjusted
  • Bro is compiled
  • Plugins are compiled and installed, including:
    • PF_RING
    • Setcap (which grants the Bro binaries the Linux capabilities they need so they can capture traffic as a non-root user)

This section will go into configuring various settings in Bro, then starting Bro. We’ll also explore how to check on the health of Bro.
