A daily "internal" report is created that covers three sets of information:
$BRODIR/reports
.
The two reports will be mailed to the email addresses specified during
Bro installation. These email addresses can be changed by re-running
the bro_config
script or by editing $BROHOME/etc/bro.cfg
directly.
Each
report has its own set of email addresses. If it is desired to send
the auxiliary report directly to the external incident analysis
organization without inspection, enter their email address directly.
Otherwise, have the external email sent to someone who can inspect and
forward it appropriately.