vern at ee.lbl.gov
Mon Oct 25 22:42:06 PDT 1999
> I think that ther should be some way to localize information about
> hostnames of machines involved into the policies. It is rather difficult
> to navigate through lots of policies-files.
Yes, I strongly agree. There will be features in the 0.7 release for doing
> Qest: How can I know that bro works properly? As far as I remember, I
> didn't install additional required libs, but it works.
Many systems come with the required library (libpcap) already installed.
> After checking
> policy-files, it told that it's lissening on interface ed0.Can I be sure
> that it is true.
You can believe the interface it claims to be listening on, that code
is copied straight from tcpdump.
To test it, create a connection that should be observed from the interface,
terminate it, and see if Bro records it in the red.* output file.
More information about the Bro