<div dir="ltr">Hi Merril,<br><br>To address the first issue maybe you need to ensure that the user executing the bro process can read and write to /usr/local/bro/logs and /usr/local/bro/spool/<br><br>For the second issue, If you running a newer version of linux you can get around the packet capture permission issue by giving the bro binary the capability to perform a raw packet capture with a command like:<br><br>> sudo setcap cap_net_raw,cap_net_admin=eip /usr/local/bro/bin/zeek<br><br>Good luck,<div> Nick</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Wed, Jun 19, 2019 at 1:59 PM Merril Mathew <<a href="mailto:merril.mathew@baby2body.com">merril.mathew@baby2body.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">Hi all,<div><br></div><div>Is there a way to install Bro as a non-root user? Everything works fine if its installed as root but I had problems sending Bro logs to logstash as a non-root user. </div><div><br></div><div>When I tried to install as a regular user with sudo privilege, I noticed two errors mainly. </div><div><br></div><div>1) <span style="color:rgb(23,43,77);font-family:monospace;font-size:14px">Error: unable to open database file: /usr/local/bro/spool/state.db</span></div><div>2) <span style="font-size:13px">fatal error: /opt/bro/bin/bro: problem with interface eth0 - pcap_open_live: eth0: You don't have permission to capture on that device (socket: Operation not permitted)</span> </div><div><br></div><div>Any idea where to go next for me?</div><div><br></div><div>Kind regards,</div><div>Merril.</div></div>
_______________________________________________<br>
Zeek mailing list<br>
<a href="mailto:zeek@zeek.org" target="_blank">zeek@zeek.org</a><br>
<a href="http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek" rel="noreferrer" target="_blank">http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek</a></blockquote></div>