[Bro] help required in logs with bro
anthony.kasza at gmail.com
Wed Nov 23 13:54:50 PST 2016
Your VM may be using its loopback address for the connection to the local
Apache server. If Bro is listening on eth0 (not the loopback interface) it
won't see that traffic.
As for the curl'ing of external sites, have you tried something basic like
tcpdump just to make sure packets are moving? I'd also try running the Bro
binary, without broctl, on an interface just to make sure Bro is compiled,
happy, and seeing packets move.
On Nov 23, 2016 1:33 PM, "Yagyesh Srivastava" <ysrivas at ncsu.edu> wrote:
> I have downloaded bro and built it on a VM, using configure, make and make
> Then i ran broctl install and deploy.
> when i run broctl using "sudo broctl start" and subsequently issue "sudo
> broctl status", it shows bro running as standalone on localhost.
> my /nsm/bro/etc/nod.cfg file has
> type = standalone
> host = localhost
> interface = eth0
> Now when i try to connect to internet using my vm browser
> or i curl to localhost (which has apache server running and after making
> node.cfg file to hear on interface loopback) in either of the cases i
> cannot see any logs getting generated.
> *can someone please help me with this issue?*I dont think bro is sniffing
> on the correct interface , there is something trivial i am guessing which
> is going wrong. Please provide any pointers if possible.
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro