I just wanted to know if someone has run Bro on DARPA 1999 Training week 1 and 2 data
(only inside and outside tcpdump files)? The problem is that week 1 does not contain any
attacks, but week 2 contains labeled attacks. I am checking the Bro output (alarm.log
file) and see none of the labeled attacks... Please help me to understand the Bro output.
Maybe I am writing something wrongly...? Thanks in advance.