[Bro] failed to start BRO

jags0nhak3r at engineer.com jags0nhak3r at engineer.com
Thu Oct 29 18:51:33 PDT 2009



Thanks for your Re

I figured out that localhost.localdomain.bro is file and BRO needs to open it when it starts. that file should be located at {BROPATH}, that is right.

here is my BROPATH

# Bro policy paths
export BROPATH

# Filename of the Bro start policy.  Must be located in one of the directories in $BROPATH

I wonder why the so called file localhost.localdomain.bro is not created in BROPATH by default. Thus, I created it in this PATH
/usr/local/bro/share/bro manually and BRO successfully started. 

I also would like to know what is the purpose of that file what should be in it?

1- what and how should I start to capture packets, analyze them? 
2-  what commands shall I run where the analysis files are stored?

I read in the BRO user manual, it mentions that to run BRO type the following comman 

bro  -[options]
but when I run bro, which is a binary file, I get    bash: bro: command not found

what is wrong with my configuration...

Please I need assistance, 



-----Original Message-----
From: jean-philippe luiggi <jean-philippe.luiggi at didconcept.com>
To: jags0nhak3r at engineer.com
Cc: bro at ICSI.Berkeley.EDU
Sent: Fri, Oct 30, 2009 8:58 am
Subject: Re: [Bro] failed to start BRO

* jags0nhak3r at engineer.com <jags0nhak3r at engineer.com> [2009-10-29 03:34:51 

> Hi everyone
> I am new to Bro IDS 1.4, I have tried to install it on CentOs platform. well, 
at the beginning It was difficul, however I manage to install it with the same 
> ./configure
> make 
> make install
> make install-brolite
> bro-lite did a very well job. It created all the directories in bro home 
directory /usr/local/bro
> [bro at localhost bro]$ ls
> archive  bin  etc  include  lib  logs  reports  scripts  share  site  var
> the problem I am facing is that when I try to start bro using bro.rc file with 
this  {BROHOME}/etc/bro.rc start it fails and gives me this erro
> [bro at localhost ~]$ /usr/local/bro/etc/bro.rc start
> bro.rc: Starting ..........bro.rc: Failed to start Bro
> line 1: error: can't open localhost.localdomain.bro
> ... FAILED
> Note: i have tried to change my host name to localhost.localdomain.bro
> Any ideas please.. help


  Bro is searching for a file called "localhost.localdomain.bro" in the
  various path defined in your BROPATH environment variable.
  So two questions :
  Do your file exists somewhere ?
  Is it in a directory specied in "BROPATH" ?
  Mine is defined as follow into my .bashrc :
  export BROPATH=/opt/share/bro/policy



-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20091029/c25c667c/attachment.html 

More information about the Bro mailing list