[Bro-Dev] Hui Lin_Problem to run simple Bro-pipe
Hui Lin (Hugo)
hlin33 at illinois.edu
Tue Oct 25 11:24:42 PDT 2011
Hi,
I think Bro-pipe is a special Broccoli client. So I try to test to run
Bro-pipe to see its effect. I can run it in older version of Bro (1.5) based
on 2009 workshop exercise. But when I follow the same step and run it in Bro
(1.6), nothing show up. I observe two situations:
1. directly run Bro binary without indicating interface
if I run Bro through command /usr/local/bro/bin/bro *.bro (without
indicating interface),
In Bro 1.5, after executing this command, Bro will continue execution.
But in Bro 1.6, Bro will terminate immediately. Is that the right
phenomenon?
2. run bro-pipe to send event to Bro instance
In Bro 1.5, I just first run command
/usr/local/bro/bin/bro *.bro (let Bro run)
and run bro-pipe
/usr/local/bro/bin/bropipe host=127.0.0.1:47757 <http://127.0.0.1:47758> -f
*.bro-pipe
And Bro can detect event
But in Bro 1.6, I need to run command
/usr/local/bro/bin/bro -i eth0 *.bro (let Bro run)
and run bro-pipe
/usr/local/bro/bin/bropipe host=127.0.0.1:47757 <http://127.0.0.1:47758/> -f
*.bro-pipe (I also try port 47758)
But Bro-pipe just stick there and there is even no warning such as "could
not connect Bro at ...". Bro does not detect any event
So how can I run Bro-Pipe in Bro 1.6
--
Hui Lin
Research Assistant
DEPEND Research Group, ECE Department
University of Illinois at Urbana-Champaign
hlin33 at illinois.edu
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.icsi.berkeley.edu/pipermail/bro-dev/attachments/20111025/8939d11d/attachment.html
More information about the bro-dev
mailing list