[Bro] Nodes still crashing/Site specific files

Richards, James L - DOA James.Richards at wisconsin.gov
Fri Jun 14 08:27:38 PDT 2013

That is just what I was looking at...  everything is running as user bro...

Thanks much...

James Richards
Office of Security
Wisconsin Department of Administration

-----Original Message-----
From: Siwek, Jonathan Luke [mailto:jsiwek at illinois.edu] 
Sent: Friday, June 14, 2013 10:25 AM
To: Richards, James L - DOA
Cc: bro at bro.org
Subject: Re: [Bro] Nodes still crashing/Site specific files

On Jun 14, 2013, at 9:57 AM, "Richards, James L - DOA" <James.Richards at wisconsin.gov> wrote:

> I ran ./configure --prefix=/usr/local/bro 
> --with-pcap=/usr/local/pfring Then make, make install, chown -R etc.
> It is no longer giving me the libpcap in diag, but I am now getting:
> fatal error: /usr/local/bro/bin/bro: problem with interface eth4 - 
> pcap_open_live: eth4: You don't have permission to capture on that 
> device (socket: Operation not permitted)

What user were you `chown`ing things to?  You'll have to do something extra for non-root users to be able to capture packets, see [1].

- Jon

[1] http://www.bro.org/documentation/faq.html#how-can-i-capture-packets-as-an-unprivileged-user

More information about the Bro mailing list