Next: , Previous: Bro Scripts, Up: Running Bro



4.3 Sending (E-mail) Bro Reports

A daily "internal" report is created that covers three sets of information:

If the local organization is asked to report incidents to another incident analysis organization (e.g., CERT, CIAC, or FedCIRC) an auxiliary "external" report can be created that only contains the incident information. These reports are stored in $BRODIR/reports. The two reports will be mailed to the email addresses specified during Bro installation. These email addresses can be changed by re-running the bro_config script or by editing $BROHOME/etc/bro.cfg directly. Each report has its own set of email addresses. If it is desired to send the auxiliary report directly to the external incident analysis organization without inspection, enter their email address directly. Otherwise, have the external email sent to someone who can inspect and forward it appropriately.