BRO(8) - Linux man page online | Administration and privileged commands

Passive network traffic analyzer.

November 2014
BRO(8) System Administration Utilities BRO(8)


bro - passive network traffic analyzer


bro [options] [file ...]


Bro is primarily a security monitor that inspects all traffic on a link in depth for signs of suspicious activity. More generally, however, Bro supports a wide range of traffic analysis tasks even outside of the security domain, including performance measurements and helping with trouble-shooting. Bro comes with built-in functionality for a range of analysis and detection tasks, includ‐ ing detecting malware by interfacing to external registries, reporting vulnerable versions of software seen on the network, identifying popular web applications, detecting SSH brute-forcing, validating SSL certificate chains, among others.


<file> policy file, or read stdin -a, --parse-only exit immediately after parsing scripts -b, --bare-mode don't load scripts from the base/ directory -d, --debug-policy activate policy file debugging -e, --exec <bro code> augment loaded policies by given code -f, --filter <filter> tcpdump filter -g, --dump-config dump current config into .state dir -h, --help|-? command line help -i, --iface <interface> read from given interface -p, --prefix <prefix> add given prefix to policy file resolution -r, --readfile <readfile> read from given tcpdump file -s, --rulefile <rulefile> read rules from given file -t, --tracefile <tracefile> activate execution tracing -w, --writefile <writefile> write to given tcpdump file -v, --version print version and exit -x, --print-state <file.bst> print contents of state file -C, --no-checksums ignore checksums -F, --force-dns force DNS -I, --print-id <ID name> print out given ID -N, --print-plugins print available plugins and exit (-NN for verbose) -P, --prime-dns prime DNS -Q, --time print execution time summary to stderr -R, --replay <events.bst> replay events -S, --debug-rules enable rule debugging -T, --re-level <level> set 'RE_level' for rules -U, --status-file <file> Record process status in file -W, --watchdog activate watchdog timer -X, --broxygen <cfgfile> generate documentation based on config file --pseudo-realtime[=<speedup>] enable pseudo-realtime for performance evaluation (default 1) --load-seeds <file> load seeds from given file --save-seeds <file> save seeds to given file The following option is available only when Bro is built with the --enable-debug configure option: -B, --debug <dbgstreams> Enable debugging output for selected streams ('-B help' for help) The following options are available only when Bro is built with gperftools support (use the --enable-perftools and --enable-perftools-debug configure options): -m, --mem-leaks show leaks -M, --mem-profile record heap


BROPATH file search path BRO_PLUGIN_PATH plugin search path BRO_PLUGIN_ACTIVATE plugins to always activate BRO_PREFIXES prefix list BRO_DNS_FAKE disable DNS lookups BRO_SEED_FILE file to load seeds from BRO_LOG_SUFFIX ASCII log file extension BRO_PROFILER_FILE Output file for script execution statistics BRO_DISABLE_BROXYGEN Disable Broxygen documentation support


bro was written by The Bro Project <>.
bro November 2014 BRO(8)
Download raw manual
Index System Administration Utilities (+142) bro (+1) № 8 (+5755)
Go top