[Bro] installing time machine.

Russell Fulton r.fulton at auckland.ac.nz
Thu Aug 22 15:03:07 PDT 2013


I have decided to give time machine a try so I cloned the git repository but when I tried ./configure I found that it could not find the broccoli library.  I had installed bro from the security onion client library and assumed that it must not have included the library.

I then tried to install broccoli from http://www.bro.org/downloads/release/broccoli-1.92.tar.gz

Now I am getting:

rful011 at secmontst01:~/broccoli-1.92$ ./configure
Build Directory : build
Source Directory: /home/rful011/broccoli-1.92
-- The C compiler identification is GNU
-- Check for working C compiler: /usr/bin/gcc
-- Check for working C compiler: /usr/bin/gcc -- works
-- Detecting C compiler ABI info
-- Detecting C compiler ABI info - done
-- Found OpenSSL: /usr/lib/x86_64-linux-gnu/libssl.so;/usr/lib/x86_64-linux-gnu/libcrypto.so 
-- FLEX_EXECUTABLE (missing:  FLEX_VERSION) 
-- Could NOT find BISON (missing:  BISON_EXECUTABLE) 
-- Found PCAP: /usr/lib/x86_64-linux-gnu/libpcap.so 
-- Performing Test PCAP_LINKS_SOLO
-- Performing Test PCAP_LINKS_SOLO - Success
-- Looking for pcap_get_pfring_id
-- Looking for pcap_get_pfring_id - not found

do I need to point configure to a different pcap library to get it to use pf_ring?

Which brings up the wider question of whether or not time machine will use pf_ring?

apart from that the install just worked and I tweaked the cfg file and it is now logging data!

Thinks:  "It can't be that easy"  ;)

Russell






More information about the Bro mailing list