[Bro] tcpdump -w

Angelita de Cássia Corrêa angelita at uol.com.br
Thu Jun 16 07:35:28 PDT 2005


Thanks, I put the two lines in .bash_profile:
export BROHOME=/usr/local/bro
export BROPATH=/usr/local/bro/policy:/usr/local/bro/site

Now, when I run this command to test:
/usr/local/bro/bin/bro -r /home/angelita/test.trace scan

I received this message:
/usr/local/bro/bin/bro: problem with trace file /home/angelita/test.trace - fread: Inappropriate ioctl for device

I have a question: what kind of file do I have to create to be a tracefile? Do
I have to follow some tips?


Thanks
Angelita


----- Original Message ----- 
From: "Holger Dreger" <hdreger at net.in.tum.de>
To: "Angelita de Cássia Corrêa" <angelita at uol.com.br>
Cc: <Bro at bro-ids.org>
Sent: Thursday, June 16, 2005 11:27 AM
Subject: Re: [Bro] tcpdump -w


Hi,

On 15.06.2005 at 16:39 Angelita de Cássia Corrêa wrote:

> I used those commands:
>
> BROHOME=/usr/local/bro
> BROPATH=/usr/local/bro/policy:/usr/local/bro/site
>

Sorry, I overlooked one detail: You have to export the BROPATH variable
in order to make bro work. You only set the variable for the shell
itself, not for its executed commands.

So in sh or bash use:
export BROHOME=/usr/local/bro
export BROPATH=/usr/local/bro/policy:/usr/local/bro/site

Holger
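
The export point from the reply above, as an added example that is not part of the original thread: a POSIX shell check of whether BROHOME and BROPATH actually reach child processes, and whether each BROPATH entry is a directory. The function names child_sees, missing_dirs and bro_env_check are hypothetical.

```shell
# Added example (not from the thread). Function names are hypothetical.

# child_sees NAME: exit 0 if a freshly started child shell has NAME set.
# A child only inherits variables that were exported.
child_sees() {
    case "$1" in
        ''|*[!A-Za-z0-9_]*) return 2 ;;   # refuse anything that is not a plain name
    esac
    sh -c 'eval "[ -n \"\${$1+set}\" ]"' sh "$1"
}

# missing_dirs VALUE: print each colon-separated entry that is not a directory.
missing_dirs() {
    old_ifs=$IFS
    IFS=:
    set -f                                # no globbing while splitting
    for d in $1; do
        [ -d "$d" ] || printf '%s\n' "$d"
    done
    set +f
    IFS=$old_ifs
}

# bro_env_check: report on both variables; exit 0 only if both are exported
# and every BROPATH entry exists as a directory.
bro_env_check() {
    rc=0
    for name in BROHOME BROPATH; do
        if child_sees "$name"; then
            echo "$name: exported"
        else
            echo "$name: not visible to child processes (use export)"
            rc=1
        fi
    done
    missing=$(missing_dirs "${BROPATH-}")
    if [ -n "$missing" ]; then
        echo "BROPATH entries that are not directories:"
        echo "$missing"
        rc=1
    fi
    return $rc
}

bro_env_check || true
```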




