problems using Bro (http)

rmkml rmkml at
Tue Jun 15 07:55:53 PDT 2004


I have a little question,

I start bro :

$ export BROPATH=/usr/src/bro/bro-pub-0.9a2/policy;
$ /usr/src/bro/bro-pub-0.9a2/bro -i eth0 bro.init mt http

ok bro not write on stdout !

when bro run,
files log.log/http.log/ftp.log/alert.log/weird.log
is zero

but if I stop bro,
only weird.log fill :
1087310691.743467 > spontaneous_FIN

and bro write on stdout :
1087310691.743467 0.172724 http 33282 80 tcp 0 ? 

possible help me please
why bro not fill http.log ?
and why bro write weird.log only after stop bro ?

I use bro 0.9a2 on linux 2.4.26.
same on fbsd49.
(no compile option: ./configure && make [openssl disable auto by 


Rmkml at

More information about the Bro mailing list