bro(8) System Administration Utilities bro(8)
NAME
bro - passive network traffic analyzer
SYNOPSIS
bro [options] [file ...]
DESCRIPTION
Bro is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and help with troubleshooting. Bro comes with built-in functionality for a range of analysis and detection tasks, including detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, and validating SSL certificate chains, among others.
OPTIONS
<file>                          policy file, or read stdin
-a, --parse-only                exit immediately after parsing scripts
-b, --bare-mode                 don't load scripts from the base/ directory
-d, --debug-policy              activate policy file debugging
-e, --exec <bro code>           augment loaded policies by given code
-f, --filter <filter>           tcpdump filter
-g, --dump-config               dump current config into .state dir
-h, --help|-?                   command line help
-i, --iface <interface>         read from given interface
-p, --prefix <prefix>           add given prefix to policy file resolution
-r, --readfile <readfile>       read from given tcpdump file
-s, --rulefile <rulefile>       read rules from given file
-t, --tracefile <tracefile>     activate execution tracing
-w, --writefile <writefile>     write to given tcpdump file
-v, --version                   print version and exit
-x, --print-state <file.bst>    print contents of state file
-C, --no-checksums              ignore checksums
-F, --force-dns                 force DNS
-I, --print-id <ID name>        print out given ID
-N, --print-plugins             print available plugins and exit (-NN for verbose)
-P, --prime-dns                 prime DNS
-Q, --time                      print execution time summary to stderr
-R, --replay <events.bst>       replay events
-S, --debug-rules               enable rule debugging
-T, --re-level <level>          set 'RE_level' for rules
-U, --status-file <file>        Record process status in file
-W, --watchdog                  activate watchdog timer
-X, --broxygen <cfgfile>        generate documentation based on config file
--pseudo-realtime[=<speedup>]   enable pseudo-realtime for performance evaluation (default 1)
--load-seeds <file>             load seeds from given file
--save-seeds <file>             save seeds to given file

The following option is available only when Bro is built with the --enable-debug configure option:

-B, --debug <dbgstreams>        Enable debugging output for selected streams ('-B help' for help)

The following options are available only when Bro is built with gperftools support (use the --enable-perftools and --enable-perftools-debug configure options):

-m, --mem-leaks                 show leaks
-M, --mem-profile               record heap
ENVIRONMENT
BROPATH                 file search path
BRO_PLUGIN_PATH         plugin search path
BRO_PLUGIN_ACTIVATE     plugins to always activate
BRO_PREFIXES            prefix list
BRO_DNS_FAKE            disable DNS lookups
BRO_SEED_FILE           file to load seeds from
BRO_LOG_SUFFIX          ASCII log file extension
BRO_PROFILER_FILE       Output file for script execution statistics
BRO_DISABLE_BROXYGEN    Disable Broxygen documentation support
AUTHOR
bro was written by The Bro Project <info@bro.org>.

bro November 2014 bro(8)
bro 2.6.1 - Generated Mon Feb 18 16:11:24 CST 2019