[Bro] Attach Barnyard2 to Bro2

Jeremy Cox jeremy.cox at washk12.org
Tue Jan 21 13:11:27 PST 2014


I am attempting to use Barnyard2 to feed events from Suricata to Bro2.  It
looks like Barnyard2 wants to access Bro on 47757/tcp.  Bro is not
currently listening to that port.  And Im not sure how to get it listening,
or if thats just the old port it used to listen to.  I attempted to have
barnyard connect to 47760 in standalone mode, and 47761 or 47762 or 47763
in clustered mode.  In all instances Barnyard seems to connect to Bro, and
then unexpectedly crashes.  Am I missing something?  Should bro be
listening to 47757/tcp?

Any help would be great!

Thanks,

Jeremy


*Jeremy Cox*
Senior Network Engineer, ISO

*Washington County School District*121 W Tabernacle - St. George - UT
435-634-4315
www.washk12.org
687474703a2f2f7777772e7375706572746563686775792e636f6d

IMPORTANT NOTICE REGARDING THIS ELECTRONIC COMMUNICATION:

This e-mail, including any attachments thereto, contains information that
may be confidential or privileged, and is intended solely for the
individual or entity to whom it is addressed.  Recipient is hereby notified
that any disclosure, copying or distribution of this message is strictly
prohibited.  IF YOU ARE NOT THE INTENDED RECIPIENT, please notify the
originator of this e-mail immediately and destroy all information
received.  Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140121/66b0e68f/attachment.html 


More information about the Bro mailing list