Thank you for the response!


I just completed setting syslog-ng and now have the log files sending via syslog to Log Siphon now.


I agree, that it would be great to have it built into the framework directly.


Have a good day!



From: Jesse Bowling []
Sent: Wednesday, February 27, 2013 1:54 PM
To: Ron Jenkins
Subject: Re: [Bro] Bro IDS logging via Syslog


There is almost certainly a better way to do it within the Bro framework itself, but another option might be to use built in (?) rsyslog:

About halfway down there are instructions for using rsyslog's imfile module to syslog Bro's logs...



On Wed, Feb 27, 2013 at 1:51 PM, Ron Jenkins <> wrote:

Is there a way to have Bro v2.1 send via Syslog along with a log file?





Ron Jenkins (SnortCP, VCP (3/4), MCNE, CNE6, MCP,CCNA)

RMJ Consulting, LLC. "Bringing Companies and Solutions Together"

Makers of Active Response System(ARS) & Log Siphon

Owner / Senior Architect

Physical Address

11715 Bricksome Ave STE B-7

Baton Rouge, LA 70816

Mail Address

7575 Jefferson Hwy #103

Baton Rouge, LA 70806

Toll: 855-448-5214

Direct. 225-448-5214

Fax. 225-448-5324

Cell. 225-931-1632




Log Siphon.



Bro mailing list

Jesse Bowling