problems using Bro (http)

rmkml rmkml at wanadoo.fr
Tue Jun 15 07:55:53 PDT 2004


Hi,

I have a little question,

I start bro :

$ export BROPATH=/usr/src/bro/bro-pub-0.9a2/policy;
$ /usr/src/bro/bro-pub-0.9a2/bro -i eth0 bro.init mt http

ok bro not write on stdout !

when bro run,
files log.log/http.log/ftp.log/alert.log/weird.log
is zero

but if I stop bro,
only weird.log fill :
1087310691.743467 2.10.12.2/33282 > 128.193.0.3/http: spontaneous_FIN

and bro write on stdout :
1087310691.743467 0.172724 2.10.12.2 128.193.0.3 http 33282 80 tcp 0 ? 
RSTR X


possible help me please
why bro not fill http.log ?
and why bro write weird.log only after stop bro ?


I use bro 0.9a2 on linux 2.4.26.
same on fbsd49.
(no compile option: ./configure && make [openssl disable auto by 
configure])

Regards

Rmkml at Wanadoo.fr




More information about the Bro mailing list