
How to install Bro Network Analyzer in Ubuntu

2025-01-23 Update From: SLTechnology News&Howtos

Shulou(Shulou.com) 06/02

This article explains in detail, step by step, how to install the Bro network analyzer on Ubuntu.

Bro is a passive, open source network traffic analyzer. It is primarily a security monitor that deeply inspects all traffic on a link for signs of suspicious activity. It also supports a variety of traffic analysis tasks outside the security domain, including performance measurement and troubleshooting. Bro's features include:

The Bro scripting language, which supports site-specific monitoring policies.

High-performance network analysis.

Analyzers for many protocols, enabling high-level semantic analysis at the application layer.

It retains rich application-layer statistics about the network it monitors.

It can exchange information with other applications in real time.

It logs everything comprehensively and provides a high-level archive of network activity.

This tutorial shows how to build Bro from source code and install it on an Ubuntu 16.04 server.

Preparatory work

Bro has many dependencies:

Libpcap

OpenSSL libraries

BIND8 library

Libz

Bash (required by BroControl)

Python 2.6+ (required by BroControl)

Building from source code also requires:

CMake 2.8+

Make

GCC 4.8+ or Clang 3.3+

SWIG

GNU Bison

Flex

Libpcap headers

OpenSSL headers

zlib headers

Getting started

First, install all necessary dependencies by executing the following command:

# apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev

Install the GeoIP database for IP geolocation

Bro uses GeoIP for IP address geolocation. Install the IPv4 and IPv6 versions:

$ wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

$ wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz

Unpack these two packages:

$ gzip -d GeoLiteCity.dat.gz

$ gzip -d GeoLiteCityv6.dat.gz

Move the extracted files to the /usr/share/GeoIP directory:

# mv GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat

# mv GeoLiteCityv6.dat /usr/share/GeoIP/GeoIPCityv6.dat

Now you can build Bro from the source code.

Build Bro

The latest development version of Bro is available through the git repository.

Execute the following command:

$ git clone --recursive git://git.bro.org/bro

Go to the cloned directory and build Bro using the following commands:

$ cd bro

$ ./configure

$ make

The make command takes some time to build everything. The exact time depends on the performance of the server.

You can pass parameters to the configure script to specify the dependencies to build against, in particular the --with-* options.

Install Bro

Execute in the cloned bro directory:

# make install

The default installation path is /usr/local/bro.

Configure Bro

The configuration files for Bro are located in the /usr/local/bro/etc directory. There are three files:

node.cfg, which is used to configure the single node (or nodes) to monitor.

broctl.cfg, the configuration file for BroControl.

networks.cfg, which contains a list of networks in CIDR notation.

Configure mail settings

Open the broctl.cfg configuration file:

# $EDITOR /usr/local/bro/etc/broctl.cfg

Find the Mail Options section and edit the MailTo line as follows:

# Recipient address for emails sent out by Bro and BroControl

MailTo = admin@example.com

Save and close. There are many other options, but in most cases the default values are good enough.

Select the node to monitor

Out of the box, Bro is configured to run in standalone mode. In this tutorial we are doing a standalone installation, so there is no need to change it. However, check the node.cfg configuration file as well:

# $EDITOR /usr/local/bro/etc/node.cfg

In the [bro] section, you should see something like this:

[bro]

type=standalone

host=localhost

interface=eth0

Make sure that the interface matches the public network interface of the Ubuntu 16.04 server.

Save and exit.

Configure the network of the monitoring node

The last file to edit is networks.cfg. Open it using a text editor:

# $EDITOR /usr/local/bro/etc/networks.cfg

By default, you should see the following:

# List of local networks in CIDR notation, optionally followed by a

# descriptive tag.

# For example, "10.0.0.0/8" or "fe80::/64" are valid prefixes.

10.0.0.0/8 Private IP space

172.16.0.0/12 Private IP space

192.168.0.0/16 Private IP space

Delete the three entries (they are just an example of how to use this file) and enter the public and private IP space for the server in the following format:

X.X.X.X/X Public IP space

X.X.X.X/X Private IP space

Save and exit.
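Bro uses networks.cfg to decide which addresses count as local, so a malformed prefix or a capture interface that does not exist on the host leaves the monitor running but blind or mislabelling traffic. The following Python check for node.cfg and networks.cfg is an added example, not part of the original article or of the Bro project; the function names, the interface name ens3 and the sample addresses are assumptions made for illustration.

```python
import configparser
import ipaddress
import socket

def check_node_cfg(text, host_ifaces=None):
    """Problems in node.cfg: capture interfaces missing on this host."""
    host_ifaces = host_ifaces or [name for _, name in socket.if_nameindex()]
    cfg = configparser.ConfigParser()
    cfg.read_string(text)
    problems = []
    for node in cfg.sections():
        iface = cfg[node].get("interface")
        if iface and iface not in host_ifaces:
            problems.append(f"[{node}] interface {iface} not found on host")
    return problems

def parse_networks_cfg(text):
    """Return (networks, problems) for networks.cfg text."""
    networks, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()  # drop comments
        if not line:
            continue
        prefix = line.split()[0]  # anything after it is the descriptive tag
        try:
            if "/" not in prefix:
                raise ValueError("missing /prefix-length")
            networks.append(ipaddress.ip_network(prefix, strict=False))
        except ValueError as exc:
            problems.append(f"line {lineno}: {prefix}: {exc}")
    return networks, problems

def uncovered(addresses, networks):
    """Server addresses that none of the listed networks contains."""
    return [a for a in addresses
            if not any(ipaddress.ip_address(a) in n for n in networks)]

# Constructed sample input (assumed values, not from a real server).
NODE_CFG = "[bro]\ntype=standalone\nhost=localhost\ninterface=eth0\n"
NETWORKS_CFG = """# List of local networks in CIDR notation
203.0.113.0/24      Public IP space
10.0.0.0 8          Private IP space
X.X.X.X/X           Private IP space
"""

if __name__ == "__main__":
    nets, errs = parse_networks_cfg(NETWORKS_CFG)
    print(check_node_cfg(NODE_CFG, ["lo", "ens3"]), errs,
          uncovered(["203.0.113.7", "10.1.2.3"], nets))
```

On a real server, read the two files from /usr/local/bro/etc and call check_node_cfg without the second argument so that it compares against the host's actual interfaces.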

Use BroControl to manage the installation of Bro

Bro is managed with BroControl, which provides both an interactive shell and a command line tool. Start the shell:

# /usr/local/bro/bin/broctl

To use the command line tool, simply pass a parameter to the previous command, for example:

# /usr/local/bro/bin/broctl status

This checks the status of Bro and displays output like the following:

Name Type Host Status Pid Started

bro standalone localhost running 6807 20 Jul 12:30:50

That concludes this introduction to installing the Bro network analyzer on Ubuntu. Mastering the material takes hands-on practice.
