The bro/scripts Directory - Bro User Manual

Next: The bro/policy Directory, Previous: The bro/var Directory, Up: Bro Directory and Files

A.4 The bro/scripts Directory

This directory contains a number of auxiliary scripts used to suppliment Bro's operation.

bro-config

A utility script for changing the Bro operational parameters in the bro.cfg file.

bro-logchk.pl

Currently, this file does not work
A utility program for searching ftp and http log files for activity by specific ip addresses.

Usage:

     
        bro-logchk.pl -[hrDFHds] -f filename -a ipaddr -x ipaddr
            -h          print this usage information
            -F          using ftp log
            -H          using http log
            -r          try to resolve IP addresses to hostnames
            -f file     log file to parse
            -a ipaddr   only output connections from this address
            -s          only want matching source address (used with -a )
            -d          only want matching dest address (used with -a )
            -D          debug option
            -x ipaddr   exclude connections from this address

bro_log_compress.sh

A very simple script written to manage log and coredump files. By default it compresses log files older than 30 days and sends them to the archive directory; it deletes log files older than 60 days; and it deletes coredump files older than 4 days.

Restrictions:

Must be run from a user account that has read/write/execute access to files in the $BROHOME directory.

host-grep

Greps a Bro connection summary log on stdin for two given hostnames.

Usage:
                host-grep [-a] hostname hostname < connection_log
                If -a is specified then we only want lines with *all* of the listed hosts.
     
Restrictions:

Must have $BROHOME/scripts included in the PATH environment variable.
Will only work with hostnames. ip addresses are not accepted
Uses host-to-addrs and ip-grep scripts

host-to-addrs

Finds all ip addresses associated with a given hostname.

Usage:
                host-to-addrs hostname
     
Restrictions:

Must have $BROHOME/scripts included in the PATH environment variable.
Will only work with hostnames. IP addresses are not accepted

ip-grep

Returns an exact grep pattern for matching the IP addresses of the given hosts

Usage:
          ip-grep hostname hostname ...
     
Restrictions:

Must have $BROHOME/scripts included in the PATH environment variable.
Will only work with hostnames. ip addresses are not accepted
Uses host-to-addrs script

site-report.pl

This script produces the daily consolidated site report. By default, it is run daily via the cron job submitted by the bro user via files in /var/cron/tabs.

The bro/scripts/pm Directory

This directory contains perl modules to support the perl scripts in the scripts directory.