Next: , Previous: Bro Scripts, Up: Running Bro



4.3 Sending (E-mail) Bro Reports

A daily 'internal' report is created that covers three sets of information:

If the local organization is asked to report incidents to another incident analysis organization (i.e. CERT, CIAC, FedCIRC, etc.) an auxiliary 'external' report can be created that only contains the incident information. These reports are stored in $BRODIR/reports. The two reports will be mailed to the e-mail addresses specified during Bro installation. These e-mail addresses can be changed by re-running the bro_config script or by editing $BROHOME/etc/bro.cfg directly. Each report has it's own set of e-mail addresses. If it is desired to send the auxiliary report directly to the external incident analysis organization without inspection, enter their e-mail address directly. Otherwise, have the external e-mail sent to someone who can inspect and forward it appropriately.