[Bro] Basic Question
justin at justinthomas.name
Thu Dec 6 09:18:21 PST 2012
Argh - no tabs in Gmail.
...and still don't see any activity despite seeing lots of messages in
Any troubleshooting tips? I also know that the connection to the sensor is
being established - I'm entering the script interactively via ipython and
no errors are generated (and I see the connected socket via netstat on the
On Thu, Dec 6, 2012 at 9:14 AM, Justin Thomas <justin at justinthomas.name> wrote:
> It actually is configured as standalone - my mistake.
> I changed my python script to:
> from broccoli import *
> bc = Connection("10.0.0.1:47760")
> def new_connection(event):
> On Thu, Dec 6, 2012 at 8:56 AM, Justin Thomas <justin at justinthomas.name> wrote:
>> From here:
>> I guess the "old" in the URL should have tipped me off. I had some
>> trouble finding descriptions of built-in events, so I just grabbed the
>> first thing that looked reasonable. I'll look over the document you linked
>> below. I did try using the "new_connection" event with similar results
>> (i.e., none), so your comment on the cluster configuration may also be a
>> sticking point for me.
>> I'll look over my configuration with that note about the manager not
>> generating the protocol events in mind; I'm not sure on the specifics (if I
>> recall correctly, I think I configured it as a cluster for future expansion
>> but am only running on one machine right now).
>> On Thu, Dec 6, 2012 at 6:51 AM, Seth Hall <seth at icir.org> wrote:
>>> On Dec 6, 2012, at 12:55 AM, Justin Thomas <justin at justinthomas.name>
>>> > @event
>>> > def ssl_conn_attempt(connection, version, ciphers):
>>> Where did you get this event from? That is an old event that was
>>> removed prior to the 2.0 release. You can refer to the following link for
>>> all of our current (2.1 release) analyzer generated events:
>>> Are you running Bro with BroControl in standalone mode too? If you run
>>> a cluster and you only connect to your manager you won't see these events
>>> either because the protocol events aren't being generated on the manager.
>>> It looks like you're doing the right things in your python script though.
>>> Seth Hall
>>> International Computer Science Institute
>>> (Bro) because everyone has a network