[Bro] how to run on trace files

kanthi myneni kanthimyneni at gmail.com
Thu Dec 20 10:58:22 PST 2007


Hi,

I am trying to run Bro on a trace file, specifically on the tcpdump file
provided in the Bro workshop.

url

http://www.bro-ids.org/bro-workshop-2007/exercises/exercise1.html

but I was unable to run that; it gives me "command not found".

sample of my output is

In the url

http://www.bro-ids.org/bro-workshop-2007/exercises/exercise1-solution.html

they asked to create local.bro

I created that file

Then they asked to run some analyzer

they asked to use setenv and bro -r

I used them, but it gives me "command not found".


loud at 1006kro:/usr/local/bro$ sudo vim local.bro
loud at 1006kro:/usr/local/bro$ ls
archive etc lib logs policy scripts site var
bin include local.bro perl reports share trace1.tcpdump
loud at 1006kro:/usr/local/bro$ cat local.bro
redef local_nets: set[subnet] = {
10.20.1.0/24,
};
loud at 1006kro:/usr/local/bro$ sudo setenv BROPATH =
/usr/local/bro/site/:/usr/local/bro/policy/:/usr/local/bro/policy/sigs
sudo: setenv: command not found
loud at 1006kro:/usr/local/bro$ setenv BROPATH =
/usr/local/bro/site/:/usr/local/bro/policy/:/usr/local/bro/policy/sigs
bash: setenv: command not found
loud at 1006kro:/usr/local/bro$ bro -r trace1.tcpdump local tcp alarm wierd
bash: bro: command not found
loud at 1006kro:/usr/local/bro$


Do those commands depend on the directory I am in?

In which directory do I need to run that command?

Thanks,
KM.