[Bro] how to run on trace files

kanthi myneni kanthimyneni at gmail.com
Thu Dec 20 13:30:22 PST 2007


Thanks a lot for your reply.

It worked. But I am having problem in running bro . It is giving me the
following error

loud at 1006kro:/usr/local/bro/bin$ sudo bro -r trace1.tcpdump local tcp alarm
weird
Password:
sudo: bro: command not found
loud at 1006kro:/usr/local/bro/bin$ sudo ./bro -r trace1.tcpdump local tcp
alarm weird
line 1: error: can't open bro.init
loud at 1006kro:/usr/local/bro/bin$


Giving me the above error.

Thanks&Regards,
Kanthi Myneni.

On Dec 20, 2007 3:55 PM, Nicholas Weaver <nweaver at icsi.berkeley.edu> wrote:

> On Thu, Dec 20, 2007 at 02:40:06PM -0500, kanthi myneni composed:
> > I am sorry I didnt get it. I am not that much familiar with linux
> commands .
> >
> > I tried to do so but getting same output
> >
> > loud at 1006kro:/$ BROHOME = /usr/local/bro/
> > bash: BROHOME: command not found
> > loud at 1006kro:/$ BROPATH = $/usr/local/bro/site
> > bash: BROPATH: command not found
> > loud at 1006kro:/$ PATH = /usr/local/bro/bin:SPATH
> > bash: PATH: command not found
>
> No spaces, sorry
>
> BROHOME=/usr/local/bro/
> BROPATH=$BROHOME/site:$BROHOME/policy:$BROHOME/policy/sigs
> PATH=/usr/local/bro/bin:$PATH
>
> > Thanks&Regards,
> > Kanthi Myneni.
> >
> > On Dec 20, 2007 2:10 PM, Nicholas Weaver <nweaver at icsi.berkeley.edu>
> wrote:
> >
> > > Setenv is the TCSH syntax for setting environment variables.
> > >
> > > For bash, you do
> > >
> > > BROHOME=/usr/local/bro
> > > BROPATH=$BROHOME/site:$BROHOME/policy:$BROHOME/sigs
> > >
> > > Also, you need to set your path to include bro
> > >
> > > PATH=/usr/local/bro/bin:$PATH
> > >
> > >
> > >
> > >
> > > > loud at 1006kro:/usr/local/bro$ bro -r trace1.tcpdump local tcp alarm
> wierd
> > > > bash: bro: command not found
> > > > loud at 1006kro:/usr/local/bro$
> > > >
> > > >
> > > > are those commands depend on the directory I am present.
> > > >
> > > > In which directory do I need to run that command.
> > > >
> > > > Thanks,
> > > > KM.
> > >
> > > > _______________________________________________
> > > > Bro mailing list
> > > > bro at bro-ids.org
> > > > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> > >
> > > --
> > > Nicholas C. Weaver
> nweaver at icsi.berkeley.edu
> > >     This message has been ROT-13 encrypted twice for higher security.
> > >
>
> --
> Nicholas C. Weaver                               nweaver at icsi.berkeley.edu
>     This message has been ROT-13 encrypted twice for higher security.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20071220/c1b90a4e/attachment.html 


More information about the Bro mailing list