2025-02-23 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/02 Report--
This article explains how to install the Bro network analyzer on Ubuntu 16.04. The steps below were compiled from various sources into a simple, easy-to-follow procedure.
Bro is a passive, open source network traffic analyzer. It is primarily a security monitor that deeply examines all traffic on a link for signs of suspicious activity. It also supports a variety of traffic analysis tasks outside the security domain, including performance measurements and troubleshooting assistance. Bro's features include:
Its scripting language supports site-specific monitoring policies.
It targets high-performance networks.
Its analyzers support many protocols and enable advanced semantic analysis at the application level.
It retains rich application-level statistics about the networks it monitors.
It can exchange information with other applications in real time.
Its logs comprehensively record everything and provide an advanced archive of network activity.
This tutorial will show you how to build from source code and install Bro on an Ubuntu 16.04 server.
Preparations
Bro has many dependencies:
Libpcap
OpenSSL library
BIND8 library
Libz
Bash (required by BroControl)
Python 2.6+ (required by BroControl)
Building from source code also requires:
CMake 2.8+
Make
GCC 4.8+ or Clang 3.3+
SWIG
GNU Bison
Flex
Libpcap headers
OpenSSL headers
Start
First, install all required dependencies by executing the following command:
# apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
Install GeoIP database to locate IP geolocation
Bro uses GeoIP to locate geographic locations. Install IPv4 and IPv6 versions:
$ wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
$ wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz
Unpack these two packages:
$ gzip -d GeoLiteCity.dat.gz
$ gzip -d GeoLiteCityv6.dat.gz
Move the extracted files to /usr/share/GeoIP:
# mv GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat
# mv GeoLiteCityv6.dat /usr/share/GeoIP/GeoIPCityv6.dat
Now you can build Bro from source code.
Build Bro
The latest Bro development version is available through the git repository.
Execute the following command:
$ git clone --recursive git://git.bro.org/bro
Go to the cloned directory and simply build Bro using the following command:
$ cd bro
$ ./configure
$ make
The make command takes some time to build everything. The exact timing depends on the server performance.
The configure script accepts a number of parameters that specify which dependencies to build against, in particular the --with-* options.
Install Bro
In the cloned bro directory, execute:
# make install
The default installation path is /usr/local/bro.
Configure Bro
Bro's configuration files are located in /usr/local/bro/etc. There are three files:
node.cfg, which configures a single node (or multiple nodes) to monitor.
broctl.cfg, BroControl's configuration file.
networks.cfg, which contains a list of networks in CIDR notation.
Configure Mail Settings
Open the broctl.cfg configuration file:
# $EDITOR /usr/local/bro/etc/broctl.cfg
Find the Mail Options section and edit the MailTo line as follows:
# Recipient address for emails sent out by Bro and BroControl
MailTo = admin@example.com
Save and close. There are many other options, but in most cases the default is good enough.
Select nodes to monitor
Out of the box, Bro is configured to run in standalone mode. In this tutorial, we are doing a standalone installation, so there is no need to change it. However, please also check the node.cfg configuration file:
# $EDITOR /usr/local/bro/etc/node.cfg
In the [bro] section, you should see something like this:
[bro]
type=standalone
host=localhost
interface=eth0
Make sure that the interface matches the public interface of the Ubuntu 16.04 server.
Save and exit.
Configure the network of monitoring nodes
The last file to edit is networks.cfg. Open it with a text editor:
# $EDITOR /usr/local/bro/etc/networks.cfg
By default, you should see the following:
# List of local networks in CIDR notation, optionally followed by a
# descriptive tag.
# For example, "10.0.0.0/8" or "fe80::/64" are valid prefixes.

10.0.0.0/8          Private IP space
172.16.0.0/12       Private IP space
192.168.0.0/16      Private IP space
Delete these three entries (this is just an example of how to use this file) and enter the public and private IP spaces for the server in the following format:
X.X.X.X/X Public IP space
X.X.X.X/X Private IP space
Save and exit.
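A pre-flight check for the two files edited above, as an added example (not part of the original article or of Bro): it flags networks.cfg entries that are not valid CIDR prefixes, such as an unedited X.X.X.X/X placeholder or an address with host bits set, and node.cfg interfaces that do not exist on the host. The function names and the sample file contents are constructed for illustration.

```python
import configparser
import ipaddress

def check_networks(text):
    """Validate networks.cfg content; return (networks, problems)."""
    networks, problems = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blank lines
        if not line:
            continue
        prefix = line.split()[0]              # the rest of the line is the tag
        try:
            # strict=True rejects host bits, e.g. 192.168.1.10/24
            net = ipaddress.ip_network(prefix, strict=True)
        except ValueError as exc:
            problems.append("line %d: %s" % (lineno, exc))
            continue
        if net.prefixlen == 0:
            problems.append("line %d: %s treats every address as local" % (lineno, net))
        networks.append(net)
    return networks, problems

def check_interfaces(text, present):
    """Return problems for node.cfg sections whose interface is not in `present`."""
    cfg = configparser.ConfigParser(interpolation=None)
    cfg.read_string(text)
    problems = []
    for node in cfg.sections():
        if cfg[node].get("type") not in ("standalone", "worker"):
            continue                          # only capturing nodes need an interface
        iface = cfg[node].get("interface")
        if iface not in present:
            problems.append("[%s] interface %r not found on this host" % (node, iface))
    return problems

# Constructed sample files: the unedited placeholder and a host address are mistakes.
SAMPLE_NETWORKS = """# local networks
203.0.113.0/24   Public IP space
X.X.X.X/X        Private IP space
192.168.1.10/24  Private IP space
"""
SAMPLE_NODE = "[bro]\ntype=standalone\nhost=localhost\ninterface=eth0\n"

if __name__ == "__main__":
    import os
    nets, problems = check_networks(SAMPLE_NETWORKS)
    problems += check_interfaces(SAMPLE_NODE, os.listdir("/sys/class/net"))
    print("\n".join(problems) or "configuration looks consistent")
```

On a real host, pass the contents of /usr/local/bro/etc/networks.cfg and /usr/local/bro/etc/node.cfg instead of the sample strings.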
Manage Bro installation with BroControl
Managing Bro requires BroControl, which supports both interactive shells and command-line tools. Launch the shell:
# /usr/local/bro/bin/broctl
To use command-line tools, simply pass parameters to the previous command, for example:
# /usr/local/bro/bin/broctl status
This checks the status of Bro by displaying the following output:
Name         Type       Host          Status    Pid    Started
bro          standalone localhost     running   6807   20 Jul 12:30:50
This concludes the walkthrough of how to install the Bro network analyzer on Ubuntu 16.04. Theory is best paired with practice, so go and try it!