Bro

Bro is an open-source network monitoring and intrusion detection system written in C++. Bro collects live packets via the libpcap interface, analyzes packet contents, generates events from the analysis, and performs various actions based on action policies. Possible actions include logging, email notifications, alert generation in a database, and external command launches. Out of the box, Bro comes with a variety of built-in analysis capabilities, such as detecting malware and security attacks from signature analysis, uncovering software vulnerabilities, inferring application protocols from network traffic, and checking compliance status. Beyond standard analysis functions, Bro is designed to perform custom anomaly detection and system behavior analysis based on policy scripts written in a built-in scripting language. Bro supports distributed cluster deployment, where multiple Bro instances are front-ended by a load balancer and the Bro instances are controlled from a centralized Bro management and log aggregation interface.


  • Website: https://www.bro.org/
  • Platform: Linux, BSD, Mac OS X
  • License: BSD
  • Documentation: https://www.bro.org/documentation/index.html
  • Source repository: git
  • Community: mailing list, bug tracker
  • Similar Software

    fail2ban fail2ban is a Python-based intrusion prevention software that can protect various services on Linux. It works by analyzing system and application log files (e.g., /var/log/auth.log, /var/log/apache/e...
    tcpdump tcpdump is a command-line packet sniffing and protocol analyzer tool written in C/C++. It captures live RX/TX packets on a network interface in promiscuous mode, and displays the content of the pack...
    Nagios Nagios is an industry-standard open-source IT infrastructure and network monitoring software which can monitor server resources (e.g., CPU, memory, disk usage), network equipment (e.g., switches or r...
    Monit Monit is an open-source server monitoring and watchdog system for Linux and Unix. It allows system admins to custom-define various error conditions on server resources, such as missing processes, une...
    ntopng ntopng is a real-time network traffic monitor offering HTML5/AJAX-based web interface. ntopng can visualize elephant flows, IP geolocation, traffic matrix of local networks, and geolocation/AS maps o...
