While focusing on network security monitoring, Bro provides a comprehensive platform for more general network traffic analysis as well. Well grounded in more than 15 years of research, Bro has successfully bridged the traditional gap between academia and operations since its inception. Today, it is relied upon operationally in particular by many scientific environments for securing their cyberinfrastructure. Bro’s user community includes major universities, research labs, supercomputing centers, and open-science communities.
I've found the Internet lacking a straightforward method for installing Bro IDS with Brownian and Elasticsearch. Therefore, my hope is that this will ease the struggle of getting up and running.
Download and install Ubuntu 14.04 LTS.
Do not apply updates yet; they are applied as the final step.
sudo apt-get install openjdk-7-jre-headless
sudo apt-get install git
Install Elasticsearch 1.4 from the Elasticsearch apt repository (on Ubuntu 14.04, add-apt-repository is provided by the software-properties-common package if it is missing):
wget -qO - https://packages.elasticsearch.org/GPG-KEY-elasticsearch | sudo apt-key add -
sudo add-apt-repository "deb http://packages.elasticsearch.org/elasticsearch/1.4/debian stable main"
sudo apt-get update && sudo apt-get install elasticsearch
sudo update-rc.d elasticsearch defaults 95 10
sudo service elasticsearch start
Install the prerequisite for Bro's Elasticsearch (JSON) log writer, which talks to Elasticsearch over HTTP via libcurl:
sudo apt-get install libcurl4-gnutls-dev
Manually compile and configure BRO
Install dependencies:
sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
Download bro-2.3.1.tar.gz from the Bro project, then extract and configure it:
tar -xvf bro-2.3.1.tar.gz
cd bro-2.3.1
./configure
Make certain that cURL and Elasticsearch are displayed as supported in the build summary that configure prints; without both, the Elasticsearch log writer is not built and nothing will reach Elasticsearch.
make && sudo make install
Add the following to the bottom of local.bro (with the default install prefix this is /usr/local/bro/share/bro/site/local.bro), then install and restart with broctl so Bro picks up the change.
Installation of Brownian
git clone https://github.com/pypa/virtualenv.git
python ./virtualenv.py /opt/Brownian
/opt/Brownian/bin/pip install git+https://github.com/grigorescu/Brownian.git
(Use the virtualenv's own pip; a bare pip would install Brownian and its dependencies into the system Python instead of /opt/Brownian.)
Change ELASTICSEARCH_SERVER in /opt/Brownian/lib/python2.X/site-packages/Brownian/settings.py (python2.7 on Ubuntu 14.04) to your server's hostname and port.
Change TIME_ZONE in settings.py to your desired timezone.
Set the environment variables django-admin.py needs: DJANGO_SETTINGS_MODULE must point at Brownian's settings module (Brownian.settings), and the commands below are run from /opt/Brownian.
Initialize the database and start the server instance
python ./bin/django-admin.py syncdb
nohup python ./bin/django-admin.py runserver <public address>:8000 &
Note that runserver is Django's development server, and binding it to a public address puts Brownian, and through it the unauthenticated Elasticsearch instance behind it, within reach of anyone on that network. Keep it on a trusted management network or behind a proper web server.
You should now see data in the browser window.
Apply all updates
sudo apt-get update && sudo apt-get upgrade
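The steps above leave three things to the reader: verifying the configure summary, writing the Elasticsearch fragment into local.bro, and deciding who can reach Elasticsearch. The script below is an added example, not part of the original post or of the Bro, Elasticsearch or Brownian projects. It assumes Bro's default install prefix (/usr/local/bro), the Debian package's config path (/etc/elasticsearch/elasticsearch.yml), and that ES_HOST/ES_PORT name the Elasticsearch instance local.bro should point at; the local.bro fragment it appends is the standard Bro 2.3 way of enabling the Elasticsearch writer (@load tuning/logs-to-elasticsearch plus redefs of LogElasticSearch::server_host and server_port), not the post's own snippet.

```shell
#!/bin/sh
# Post-install helper for the Bro + Elasticsearch + Brownian build above.
# Added example; assumptions: BRO_PREFIX, ES_YML, ES_HOST and ES_PORT
# below. Functions are safe to source; live checks run only with "run".
set -u

BRO_PREFIX="${BRO_PREFIX:-/usr/local/bro}"
ES_YML="${ES_YML:-/etc/elasticsearch/elasticsearch.yml}"
ES_HOST="${ES_HOST:-127.0.0.1}"
ES_PORT="${ES_PORT:-9200}"

# 1. Check a saved ./configure summary (stdin) for the two features the
#    Elasticsearch writer needs. Usage: ./configure | tee configure.log,
#    then: check_configure_summary < configure.log
check_configure_summary() {
    summary=$(cat)
    printf '%s\n' "$summary" | grep -iq 'curl.*true' || return 1
    printf '%s\n' "$summary" | grep -iq 'elasticsearch.*true' || return 1
}

# 2. Append the Elasticsearch writer configuration to local.bro ($1) once.
#    Loading tuning/logs-to-elasticsearch and pointing LogElasticSearch at
#    the server sends every log stream to ES. Re-running is harmless: the
#    fragment is only added if it is not already present.
append_es_config() {
    localbro="$1"
    if grep -q 'tuning/logs-to-elasticsearch' "$localbro" 2>/dev/null; then
        return 0
    fi
    cat >> "$localbro" <<EOF

# Ship all Bro logs to Elasticsearch (added by the helper script).
@load tuning/logs-to-elasticsearch
redef LogElasticSearch::server_host = "$ES_HOST";
redef LogElasticSearch::server_port = $ES_PORT;
EOF
}

# 3. Elasticsearch 1.x has no authentication and listens on every
#    interface unless network.host is set, so anyone who can reach
#    TCP/9200 can read, alter or delete the Bro logs. Return 0 only if
#    elasticsearch.yml ($1) pins it to a loopback address.
es_bound_to_localhost() {
    grep -Eq '^[[:space:]]*network\.host:[[:space:]]*"?(127\.0\.0\.1|localhost|_local_)"?[[:space:]]*$' "$1"
}

# 4. Live checks against the real system: sh bro-es-check.sh run
if [ "${1:-}" = "run" ]; then
    "$BRO_PREFIX/bin/bro" --version || echo "bro not found under $BRO_PREFIX"
    append_es_config "$BRO_PREFIX/share/bro/site/local.bro"
    if es_bound_to_localhost "$ES_YML"; then
        echo "elasticsearch.yml: network.host is loopback"
    else
        echo "WARNING: Elasticsearch accepts connections from other hosts;"
        echo "         set network.host: 127.0.0.1 in $ES_YML or firewall TCP/$ES_PORT"
    fi
    # Bro's writer names its indices after LogElasticSearch::index_prefix
    # ("bro" by default); after broctl install/start they should appear here.
    curl -s "http://$ES_HOST:$ES_PORT/_cat/indices" | grep -i bro || echo "no bro indices yet"
fi
```

Run the live checks as root after the build (so local.bro is writable) and before starting Brownian; if the binding warning fires and Brownian runs on another host, restrict port 9200 with a firewall rule to that host rather than leaving it open.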
All rights and respect to the Bro Project Copyrights.