[Bro] how to run on trace files
kanthi myneni
kanthimyneni at gmail.com
Thu Dec 20 10:58:22 PST 2007
Hi,
I am trying to run Bro on a trace file, specifically on the tcpdump file
provided in the Bro workshop.
URL:
http://www.bro-ids.org/bro-workshop-2007/exercises/exercise1.html
But I was unable to run it; it gives me "command not found".
A sample of my output is below.
In the URL
http://www.bro-ids.org/bro-workshop-2007/exercises/exercise1-solution.html
they asked to create local.bro.
I created that file.
Then they asked to run some analyzer;
they asked to use setenv and bro -r.
I used them, but they give me "command not found".
loud@1006kro:/usr/local/bro$ sudo vim local.bro
loud@1006kro:/usr/local/bro$ ls
archive etc lib logs policy scripts site var
bin include local.bro perl reports share trace1.tcpdump
loud@1006kro:/usr/local/bro$ cat local.bro
redef local_nets: set[subnet] = {
10.20.1.0/24,
};
loud@1006kro:/usr/local/bro$ sudo setenv BROPATH =
/usr/local/bro/site/:/usr/local/bro/policy/:/usr/local/bro/policy/sigs
sudo: setenv: command not found
loud@1006kro:/usr/local/bro$ setenv BROPATH =
/usr/local/bro/site/:/usr/local/bro/policy/:/usr/local/bro/policy/sigs
bash: setenv: command not found
loud@1006kro:/usr/local/bro$ bro -r trace1.tcpdump local tcp alarm wierd
bash: bro: command not found
loud@1006kro:/usr/local/bro$
Do those commands depend on the directory I am in?
In which directory do I need to run that command?
Thanks,
KM.