Tuesday 19 February 2013

bro basic setup

bro-ids is a nice tool to keep track of what is passing by on the wire.
Let's install it on a modern Ubuntu.
sudo apt-get install swig python-dev libmagic-dev libpcre3-dev libssl-dev cmake git-core subversion ruby-dev libgeoip-dev flex bison
# download and unpack bro 2.1
wget http://www.bro-ids.org/downloads/release/bro-2.1.tar.gz
tar xzf bro-2.1.tar.gz
cd bro-2.1
./configure
make
sudo make install   # installs under /usr/local/bro
# broctl is bro's management shell; its install command deploys the config, start launches the bro process
sudo /usr/local/bro/bin/broctl install
sudo /usr/local/bro/bin/broctl start

If you have plenty of data passing by and the system is loaded above 50% you should consider PF_RING and recompile libpcap and bro against it.
You might find some performance improvements with ethtool tweaking, but first make sure that you have a decent Intel NIC or similar server equipment.
If this is still not good enough, start removing checks from local.bro.
Next item is about passing the data on for analysis...
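A small added helper that applies the 50% rule above; it is my own example, not code from the post or the bro project. It computes the CPU busy percentage from two aggregate "cpu" lines of /proc/stat and prints which of the three steps (PF_RING, then trimming local.bro) is the next one to try. The /proc/stat field layout, the lsmod check for a pf_ring module and the sample values are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): is the bro sensor busy enough for PF_RING?

# cpu_busy_percent LINE1 LINE2
# Takes two aggregate "cpu ..." lines from /proc/stat sampled some seconds apart
# and prints the integer percentage of non-idle time between the two samples.
cpu_busy_percent() {
    printf '%s\n%s\n' "$1" "$2" | awk '
        NR == 1 || NR == 2 {
            # assumed layout: cpu user nice system idle iowait irq softirq steal ...
            # guest/guest_nice (fields 10, 11) are already counted in user/nice, so skip them
            total = 0
            for (i = 2; i <= 9 && i <= NF; i++) total += $i
            tot[NR] = total
            idl[NR] = $5 + $6      # idle + iowait
        }
        END {
            dt = tot[2] - tot[1]; di = idl[2] - idl[1]
            if (dt <= 0) { print 0; exit }
            printf "%d\n", (100 * (dt - di)) / dt
        }'
}

# recommend PERCENT PF_RING_LOADED(0/1)
# Applies the thresholds from the post: above 50% load, reach for PF_RING first;
# if PF_RING is already in use, the remaining lever is trimming checks in local.bro.
recommend() {
    if [ "$1" -gt 50 ]; then
        if [ "$2" -eq 1 ]; then
            echo "load ${1}% with PF_RING already loaded: trim checks in local.bro"
        else
            echo "load ${1}%: consider PF_RING and a rebuild of libpcap and bro"
        fi
    else
        echo "load ${1}%: no action needed"
    fi
}

# Live measurement when invoked with --live: sample /proc/stat twice, 5 s apart.
if [ "${1:-}" = "--live" ]; then
    s1=$(grep '^cpu ' /proc/stat); sleep 5; s2=$(grep '^cpu ' /proc/stat)
    pct=$(cpu_busy_percent "$s1" "$s2")
    # assumption: the PF_RING kernel module shows up in lsmod as pf_ring
    if lsmod 2>/dev/null | grep -q '^pf_ring'; then pf=1; else pf=0; fi
    recommend "$pct" "$pf"
fi
```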
