[Bro] installing time machine.

KB kebutler at gmail.com
Fri Aug 23 04:53:13 PDT 2013

On Aug 22, 2013, at 6:03 PM, Russell Fulton <r.fulton at auckland.ac.nz> wrote:

> I have decided to give time machine a try so I cloned the git repository but when I tried ./configure I found that it could not find the broccoli library.  I had installed bro from the security onion client library and assumed that it must not have included the library.

It has the library.  It's in /opt/bro/{include,lib}.  So adding "--with-broccoli=/opt/bro" should take care of it for you.
Here is the configure command that I got working with included pcap and bro.
$ CXXFLAGS="-I/opt/pfring/include" CFLAGS="-I/opt/pfring/include" ./configure --with-broccoli=/opt/bro --with-pcap=/opt/pfring

From your output, it looks like you could install bison and flex, too.

> I then tried to install broccoli from http://www.bro.org/downloads/release/broccoli-1.92.tar.gz
> Now I am getting:
> rful011 at secmontst01:~/broccoli-1.92$ ./configure
> Build Directory : build
> Source Directory: /home/rful011/broccoli-1.92
> -- The C compiler identification is GNU
> -- Check for working C compiler: /usr/bin/gcc
> -- Check for working C compiler: /usr/bin/gcc -- works
> -- Detecting C compiler ABI info
> -- Detecting C compiler ABI info - done
> -- Found OpenSSL: /usr/lib/x86_64-linux-gnu/libssl.so;/usr/lib/x86_64-linux-gnu/libcrypto.so 
> -- Could NOT find BISON (missing:  BISON_EXECUTABLE) 
> -- Found PCAP: /usr/lib/x86_64-linux-gnu/libpcap.so 
> -- Performing Test PCAP_LINKS_SOLO
> -- Performing Test PCAP_LINKS_SOLO - Success
> -- Looking for pcap_get_pfring_id
> -- Looking for pcap_get_pfring_id - not found
> do I need to point configure to a different pcap library to get it to use pf_ring?
> Which brings up the wider question of whether or not time machine will use pf_ring?
> apart from that the install just worked and I tweaked the cfg file and it is now logging data!
> Thinks:  "It can't be that easy"  ;)
> Russell
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130823/7e4ca8b4/attachment.bin 

More information about the Bro mailing list