Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   44335 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

BRO(8)			System Administration Utilities			BRO(8)

NAME
       bro - passive network traffic analyzer

SYNOPSIS
       bro  [options] [file ...]

DESCRIPTION
       Bro is primarily a security monitor that inspects all traffic on a link
       in depth for signs of suspicious activity. More generally, however, Bro
       supports	 a  wide  range	 of traffic analysis tasks even outside of the
       security domain, including performance measurements  and	 helping  with
       trouble-shooting.

       Bro  comes  with	 built-in  functionality  for  a range of analysis and
       detection tasks, including detecting malware by interfacing to external
       registries,  reporting vulnerable versions of software seen on the net‐
       work, identifying popular web applications, detecting  SSH  brute-forc‐
       ing, validating SSL certificate chains, among others.

OPTIONS
       <file> policy file, or read stdin

       -a, --parse-only
	      exit immediately after parsing scripts

       -b, --bare-mode
	      don't load scripts from the base/ directory

       -d, --debug-policy
	      activate policy file debugging

       -e, --exec <bro code>
	      augment loaded policies by given code

       -f, --filter <filter>
	      tcpdump filter

       -g, --dump-config
	      dump current config into .state dir

       -h, --help|-?
	      command line help

       -i, --iface <interface>
	      read from given interface

       -p, --prefix <prefix>
	      add given prefix to policy file resolution

       -r, --readfile <readfile>
	      read from given tcpdump file

       -s, --rulefile <rulefile>
	      read rules from given file

       -t, --tracefile <tracefile>
	      activate execution tracing

       -w, --writefile <writefile>
	      write to given tcpdump file

       -v, --version
	      print version and exit

       -x, --print-state <file.bst>
	      print contents of state file

       -z, --analyze <analysis>
	      run the specified policy file analysis

       -C, --no-checksums
	      ignore checksums

       -F, --force-dns
	      force DNS

       -I, --print-id <ID name>
	      print out given ID

       -J, --set-seed <seed>
	      set the random number seed

       -K, --md5-hashkey <hashkey>
	      set key for MD5-keyed hashing

       -N, --print-plugins
	      print available plugins and exit (-NN for verbose)

       -P, --prime-dns
	      prime DNS

       -Q, --time
	      print execution time summary to stderr

       -R, --replay <events.bst>
	      replay events

       -S, --debug-rules
	      enable rule debugging

       -T, --re-level <level>
	      set 'RE_level' for rules

       -U, --status-file <file>
	      Record process status in file

       -W, --watchdog
	      activate watchdog timer

       -X, --broxygen <cfgfile>
	      generate documentation based on config file

       --pseudo-realtime[=<speedup>]
	      enable pseudo-realtime for performance evaluation (default 1)

       --load-seeds <file>
	      load seeds from given file

       --save-seeds <file>
	      save seeds to given file

       The  following  option  is  available  only  when Bro is built with the
       --enable-debug configure option:

       -B, --debug <dbgstreams>
	      Enable debugging output for  selected  streams  ('-B  help'  for
	      help)

       The  following  options	are  available	only  when  Bro	 is built with
       gperftools     support	  (use	   the	   --enable-perftools	   and
       --enable-perftools-debug configure options):

       -m, --mem-leaks
	      show leaks

       -M, --mem-profile
	      record heap

ENVIRONMENT
       BROPATH
	      file search path

       BRO_PLUGIN_PATH
	      plugin search path

       BRO_PLUGIN_ACTIVATE
	      plugins to always activate

       BRO_PREFIXES
	      prefix list

       BRO_DNS_FAKE
	      disable DNS lookups

       BRO_SEED_FILE
	      file to load seeds from

       BRO_LOG_SUFFIX
	      ASCII log file extension

       BRO_PROFILER_FILE
	      Output file for script execution statistics

       BRO_DISABLE_BROXYGEN
	      Disable Broxygen documentation support

AUTHOR
       bro was written by The Bro Project <info@bro.org>.

bro				 November 2014				BRO(8)

Vote for polarhome