In this article, we will show you how to install Bro Network Security Monitor on your Ubuntu 16.04 LTS server. For those of you who don’t know, Bro Network Security Monitor is an open source network monitoring system. In a nutshell, Bro monitors packet flows over the network from a firewall host fitted with additional connected network interfaces, turns them into a high-level stream of events, and stores those events as tab-separated lines in log files. You can then parse these log files into a database to obtain information about the traffic on the network. These logs include not only a comprehensive record of every connection seen on the wire, but also application-level transcripts such as all HTTP sessions with their requested URIs, key headers, MIME types and server responses, DNS requests with responses, SSL certificates, key content of SMTP sessions, and much more.
This article assumes that you have at least basic Linux knowledge, know how to use the shell, and most importantly, host your site on your own VPS. Installation is very simple and assumes you are running under the root account; if you are not, add “sudo” to the commands to gain superuser privileges. We will walk you through the installation of Bro Network Security Monitor on Ubuntu 16.04 LTS Xenial Xerus step by step.
Installing Bro Network Security Monitor on Ubuntu 16.04 LTS
Step 1. System update.
First, make sure all system packages are up to date by running the following commands in the terminal:
sudo apt-get update
sudo apt-get upgrade
Step 2. Install the required dependencies.
Install all required dependencies by running the following command:
apt-get install cmake make gcc g++ flex git bison python-dev swig libpcap-dev libssl-dev zlib1g-dev
Step 3. Installing GeoIP Database for IP Geolocation.
Bro also needs the GeoIP databases on your system for IP geolocation. You can download and unpack them with the following commands:
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCityv6-beta/GeoLiteCityv6.dat.gz
gzip -d GeoLiteCity.dat.gz
gzip -d GeoLiteCityv6.dat.gz
Now move the GeoIP files to /usr/share/GeoIP/, renaming them to the file names Bro expects:
mv GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat
mv GeoLiteCityv6.dat /usr/share/GeoIP/GeoIPCityv6.dat
Step 4. Installing Bro Network Security Monitor.
First, download the latest Bro source from their website, then build and install it. You can do this with the following commands:
wget https://www.bro.org/downloads/bro-2.5.1.tar.gz
tar zxvf bro-2.5.1.tar.gz
cd bro-2.5.1
./configure
make
make install
After Bro is installed, set up your PATH environment with the following command:
Step 5. Configuring Bro Network Security Monitor.
Bro is a powerful tool; to get started quickly, we will follow the manual on the project page…
Edit the following files before running:
$PREFIX/etc/node.cfg -- configure network interface to monitor
$PREFIX/etc/networks.cfg -- configure local networks
$PREFIX/etc/broctl.cfg -- change MailTo address and the log rotation
To run the program just type broctl in the shell.
You are now in the broctl shell from which you can issue Bro commands.
On a fresh installation, the first command to run is install. Then we run start and check the result with status:
[BroControl] > install
warning: cannot read '/opt/bro2/spool/broctl.dat' (this is ok on first run)
creating policy directories ... done.
installing site policies ... done.
generating standalone-layout.bro ... done.
generating local-networks.bro ... done.
generating broctl-config.bro ... done.
updating nodes ... done.
[BroControl] > start
starting bro ...
[BroControl] > status
Name   Type         Host        Status    Pid     Peers   Started
bro    standalone   localhost   running   25645   0       25 Jul 20:46:45
You now have Bro Network Security Monitor running on your system.
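The introduction mentions parsing Bro's tab-separated logs into a database. The following is an added example, not part of the original tutorial or the Bro project's own code, that reads the log header (#separator, #fields, #types, #unset_field) and loads the records into SQLite. It assumes Python 3 with the standard sqlite3 module; the sample log is constructed and the function names are hypothetical.

```python
import re
import sqlite3

# Constructed sample in Bro's ASCII log format (not captured traffic).
SAMPLE_CONN_LOG = "\n".join([
    "#separator \\x09",
    "#set_separator\t,",
    "#empty_field\t(empty)",
    "#unset_field\t-",
    "#path\tconn",
    "#fields\tts\tuid\tid.orig_h\tid.orig_p\tid.resp_h\tid.resp_p\tproto\tservice\tduration\torig_bytes",
    "#types\ttime\tstring\taddr\tport\taddr\tport\tenum\tstring\tinterval\tcount",
    "1501015605.123456\tCexample1\t192.0.2.10\t51234\t198.51.100.5\t80\ttcp\thttp\t0.250000\t310",
    "1501015606.000000\tCexample2\t192.0.2.10\t40000\t198.51.100.53\t53\tudp\tdns\t-\t-",
])

CASTS = {"time": float, "interval": float, "double": float, "port": int, "count": int, "int": int}
IDENT = re.compile(r"^[A-Za-z0-9_.]+$")  # header names are untrusted input

def parse_bro_log(text):
    """Return (path, fields, types, rows); unset or empty values become None."""
    meta, rows, sep = {}, [], "\t"
    for line in text.splitlines():
        if line.startswith("#separator"):
            # The separator is written as an escape sequence such as \x09.
            sep = line.split(" ", 1)[1].encode().decode("unicode_escape")
        elif line.startswith("#"):
            key, *values = line[1:].split(sep)
            meta[key] = values
        elif line:
            raw = line.split(sep)
            if len(raw) != len(meta.get("fields", ())):
                raise ValueError("column count does not match #fields")
            rows.append(tuple(
                None if v in (meta["unset_field"][0], meta["empty_field"][0])
                else CASTS.get(t, str)(v)
                for v, t in zip(raw, meta["types"])))
    return meta["path"][0], meta["fields"], meta["types"], rows

def load_into_sqlite(text, db_path=":memory:"):
    """Create a table named after #path, insert every record, return the connection."""
    path, fields, types, rows = parse_bro_log(text)
    if not all(IDENT.match(name) for name in [path] + fields):
        raise ValueError("unexpected character in a table or column name")
    cols = ", ".join('"%s" %s' % (f, {float: "REAL", int: "INTEGER"}.get(CASTS.get(t), "TEXT"))
                     for f, t in zip(fields, types))
    db = sqlite3.connect(db_path)
    db.execute('CREATE TABLE "%s" (%s)' % (path, cols))
    db.executemany('INSERT INTO "%s" VALUES (%s)' % (path, ", ".join("?" * len(fields))), rows)
    db.commit()
    return db
```

Column names that contain dots, such as id.resp_p, must be double-quoted in queries, for example SELECT "id.resp_h" FROM conn WHERE "id.resp_p" = 53.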
Congratulations! You have successfully installed Bro. Thanks for using this tutorial to install Bro Network Security Monitor on your Ubuntu 16.04 LTS system. For further assistance or useful information, we recommend that you visit the official Bro Network Security Monitor website…