Provided by: bro_2.4.1+dfsg-2build1_i386 bug

NAME

       bro - passive network traffic analyzer

SYNOPSIS

       bro  [options] [file ...]

DESCRIPTION

       Bro is primarily a security monitor that inspects all traffic on a link
       in depth for signs of suspicious activity. More generally, however, Bro
       supports  a  wide  range  of traffic analysis tasks even outside of the
       security domain, including performance measurements  and  helping  with
       trouble-shooting.

       Bro  comes  with  built-in  functionality  for  a range of analysis and
       detection tasks, including detecting malware by interfacing to external
       registries,  reporting  vulnerable  versions  of  software  seen on the
       network, identifying popular web  applications,  detecting  SSH  brute-
       forcing, validating SSL certificate chains, among others.

OPTIONS

       <file> policy file, or read stdin

       -a, --parse-only
              exit immediately after parsing scripts

       -b, --bare-mode
              don't load scripts from the base/ directory

       -d, --debug-policy
              activate policy file debugging

       -e, --exec <bro code>
              augment loaded policies by given code

       -f, --filter <filter>
              tcpdump filter

       -g, --dump-config
              dump current config into .state dir

       -h, --help|-?
              command line help

       -i, --iface <interface>
              read from given interface

       -p, --prefix <prefix>
              add given prefix to policy file resolution

       -r, --readfile <readfile>
              read from given tcpdump file

       -s, --rulefile <rulefile>
              read rules from given file

       -t, --tracefile <tracefile>
              activate execution tracing

       -w, --writefile <writefile>
              write to given tcpdump file

       -v, --version
              print version and exit

       -x, --print-state <file.bst>
              print contents of state file

       -z, --analyze <analysis>
              run the specified policy file analysis

       -C, --no-checksums
              ignore checksums

       -F, --force-dns
              force DNS

       -I, --print-id <ID name>
              print out given ID

       -J, --set-seed <seed>
              set the random number seed

       -K, --md5-hashkey <hashkey>
              set key for MD5-keyed hashing

       -N, --print-plugins
              print available plugins and exit (-NN for verbose)

       -P, --prime-dns
              prime DNS

       -Q, --time
              print execution time summary to stderr

       -R, --replay <events.bst>
              replay events

       -S, --debug-rules
              enable rule debugging

       -T, --re-level <level>
              set 'RE_level' for rules

       -U, --status-file <file>
              Record process status in file

       -W, --watchdog
              activate watchdog timer

       -X, --broxygen <cfgfile>
              generate documentation based on config file

       --pseudo-realtime[=<speedup>]
              enable pseudo-realtime for performance evaluation (default 1)

       --load-seeds <file>
              load seeds from given file

       --save-seeds <file>
              save seeds to given file

       The  following  option  is  available  only  when Bro is built with the
       --enable-debug configure option:

       -B, --debug <dbgstreams>
              Enable debugging output for  selected  streams  ('-B  help'  for
              help)

       The  following  options  are  available  only  when  Bro  is built with
       gperftools     support     (use     the     --enable-perftools      and
       --enable-perftools-debug configure options):

       -m, --mem-leaks
              show leaks

       -M, --mem-profile
              record heap

ENVIRONMENT

       BROPATH
              file search path

       BRO_PLUGIN_PATH
              plugin search path

       BRO_PLUGIN_ACTIVATE
              plugins to always activate

       BRO_PREFIXES
              prefix list

       BRO_DNS_FAKE
              disable DNS lookups

       BRO_SEED_FILE
              file to load seeds from

       BRO_LOG_SUFFIX
              ASCII log file extension

       BRO_PROFILER_FILE
              Output file for script execution statistics

       BRO_DISABLE_BROXYGEN
              Disable Broxygen documentation support

AUTHOR

       bro was written by The Bro Project <info@bro.org>.