[Bro] tcpdump -w
Angelita de Cássia Corrêa
angelita at uol.com.br
Wed Jun 15 07:39:12 PDT 2005
Hi!
I tried to test the tcpdump -w, following the steps below:
Bro can also be run on tcpdump -w files instead of on live traffic. To do this, you must set a BROPATH environment variable to point at your set of policy scripts. For example:
setenv BROHOME /usr/local/bro
setenv BROPATH $BROHOME/policy:$BROHOME/site
bro -r dumpfile brohost
I used those commands:
BROHOME=/usr/local/bro
BROPATH=/usr/local/bro/policy:/usr/local/bro/site
When I tried this command: "bro -r /home/xxxx/tcpdump.teste scan", I received this message:
line 1: error: can't open bro.init
What can I do to resolve this problem?
Thanks,
Angelita
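
A check for the setup described in the message above, added here as an example and not part of the original post or of Bro itself. It assumes bro finds bro.init by searching the colon-separated directories in BROPATH; the function names and the temporary directory layout are constructed for the demonstration.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: bro locates bro.init
# by searching the colon-separated directories listed in BROPATH.

# find_in_path FILE PATHLIST: print the first directory holding a readable FILE.
find_in_path() (
    IFS=:
    set -f                               # no glob expansion while splitting
    for dir in $2; do
        [ -n "$dir" ] || continue        # skip empty entries
        if [ -r "$dir/$1" ]; then
            printf '%s\n' "$dir"
            exit 0
        fi
    done
    exit 1
)

# is_exported NAME: succeed only if a child process would see variable NAME.
is_exported() {
    sh -c "[ -n \"\${$1+set}\" ]"
}

# check_bropath: report whether a child process such as bro could find bro.init.
check_bropath() {
    if ! is_exported BROPATH; then
        echo "BROPATH is not in the environment (sh/bash: export; csh: setenv)"
        return 1
    fi
    if ! dir=$(find_in_path bro.init "$BROPATH"); then
        echo "bro.init not found in any BROPATH directory"
        return 2
    fi
    echo "bro.init found in $dir"
}

# Constructed layout standing in for /usr/local/bro (demo only).
demo_root=$(mktemp -d)
mkdir -p "$demo_root/policy" "$demo_root/site"
: > "$demo_root/policy/bro.init"

unset BROPATH
BROPATH=$demo_root/policy:$demo_root/site   # plain shell assignment, not exported
check_bropath || true                       # reports: not in the environment
export BROPATH                              # sh/bash counterpart of csh setenv
check_bropath                               # reports where bro.init was found
rm -rf "$demo_root"
```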