Brownian is a web interface for viewing and interacting with Bro IDS logs. Try it out on a live demo.
Brownian motion relates to the elastic collisions and random motion of particles. Brownian aims to help you leverage Bro and ElasticSearch to make sense of a massive amount of seemingly random data.
This interface only works with Bro if you're using the new ElasticSearch Logging plugin.
Please refer to that documentation for getting ElasticSearch setup, and receiving logs.
It's also highly recommended to review the ElasticSearch configuration tips.
- Python version 2.6 or 2.7.
- Brownian comes with it's own webserver, for testing purposes.
- For production use, Apache with mod_wsgi is recommended.
It is advised to run Brownian in a virtualenv - an isolated Python environment with its own set of libraries. This will prevent system upgrades from modifying the globally installed libraries and potentially breaking Brownian.
- Download the latest virtualenv.py.
- Create and switch to your environment:
$ python ./virtualenv.py Brownian
$ cd Brownian
$ source ./bin/activate
$ pip install git+https://github.com/grigorescu/Brownian.git
The files are installed in ./lib/python2.X/site-packages/Brownian.
- Change
ELASTICSEARCH_SERVER
in Brownian/lib/python2.X/site-packages/Brownian/settings.py to your server's hostname and port.
- Change
TIME_ZONE
in settings.py to your desired timezone. - Review the other settings at the top of settings.py and configure them as desired.
$ export DJANGO_SETTINGS_MODULE=Brownian.settings
In settings.py, modify the DATABASES
setting to the path you'd like a small SQLite database created (your user will need write permissions to both the file and the parent directory).
$ python ./bin/django-admin.py syncdb
$ python ./bin/django-admin.py runserver
- Install mod_wsgi
- Edit
BROWNIAN_PATH
at the top of Brownian/lib/python2.X/site-packages/Brownian/wsgi.py to the location of your virtualenv directory. - In settings.py, modify the
DATABASES
setting to the path you'd like a small SQLite database created (your Apache user will need write permissions to both the file and the parent directory). - To create the database, in your virtualenv, run
DJANGO_SETTINGS_MODULE=Brownian.settings ./bin/django-admin.py syncdb
. You don't need to create any users. - Edit your Apache config to include:
WSGIPassAuthorization on
WSGIScriptAlias "/Brownian" "/opt/Brownian/lib/python2.X/site-packages/Brownian/wsgi.py"
# Static content - CSS, Javascript, images, etc.
Alias /static/ /opt/Brownian/lib/python2.X/site-packages/Brownian/view/static/
<Directory /opt/Brownian/lib/python2.X/site-packages/Brownian/view/static>
Order allow,deny
Allow from all
</Directory>
# Optional - Permissions
<Directory /opt/Brownian/lib/python2.X/site-packages/Brownian>
Allow from ...
... Blah blah ...
</Directory>
Finally, restart Apache, and you should be good to go.
If you'd like to have your static files somewhere other than /static
, change STATIC_URL
in settings.py. Please make sure to leave a trailing slash.
For more information, see: https://docs.djangoproject.com/en/1.4/howto/deployment/wsgi/modwsgi/
If you see something that's broken, or something that you'd like added, please create an issue.
As always, fork, patch, and push away!