[Bro] Stupid scripting question: SSH password detection limited to local networks
mike.patterson at uwaterloo.ca
Tue Jan 28 09:29:47 PST 2014
On Jan 28, 2014, at 11:37 AM, Robin Sommer <robin at icir.org> wrote:
> On Tue, Jan 28, 2014 at 10:08 -0500, Mike Patterson wrote:
>> I’m thinking my problem with the test script is simply that I’m not
>> running it with broctl
> Yeah, networks.cfg will be used only when running from broctl. For
> testing, broctl has a command "process" that processes a trace with
> (almost) the same configuration that it's using when running live See
> the corresponding entry in
Well, now I have a different problem, but the issue is somewhat tangential - unless that’s the only way for me to get Bro/broctl to tell me what it thinks my local networks are.
Issue with process: It bombs out with messages like:
error in /usr/local/bro-2.2/share/bro/policy/misc/loaded-scripts.bro, line 4: syntax error, at or near “module"
I’m running with
[BroControl] > process /path/to/pcap /path/to/test.bro
and I’ve also tried
process — /path/to/test.bro
process /path/to/pcap — /path/to/test.bro
Poor bernhard was trying to help me, and his install works just fine.
So now I don’t *know* if I’ve got one issue, or two issues. ;)
Any ideas, Robin?
More information about the Bro