[Bro] Bro 2.2 File Extraction (RHEL 6.5)

Seth Hall seth at icir.org
Wed Aug 6 13:07:30 PDT 2014

On Aug 6, 2014, at 3:53 PM, Jonathon Wright <jonathon.s.wright at gmail.com> wrote:

> I verified all configuration syntax: broctl check
>  bro -C -r my_pcap_file

Two separate things are going on here.  Broctl is really focused around running Bro on live traffic and orchestrating all of the complexity involved in that.  You are then separately trying to run the Bro binary on a trace file and get output.

Your whatever.bro script is installed and ready to be used when Bro is run with broctl.  Since you're just running Bro directly here though, you will want to load your script on the command line like this:

	bro -C -r my_pcap_file whatever.bro

You could also load the full local.bro script if you want that functionality too like this:

	bro -C -r my_pcap_file local.bro whatever.bro 

Does that explain things better?


Seth Hall
International Computer Science Institute
(Bro) because everyone has a network

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140806/f74905d3/attachment.bin 

More information about the Bro mailing list