[Bro] remote.bro
Christian Kreibich
christian at whoop.org
Fri Oct 6 12:09:40 PDT 2006
Hi Sandro,
On Fri, 2006-10-06 at 20:00 +0200, Sandro Reichert wrote:
> thanks for the hints, inter-bro(1.1) communication works :-)
great! :)
> but - it only works with traffic on the listening interface - is that
> right? i dont have a network trap or something like this, my
> configuration for testing is:
> 2 PCs with 1 eth interface connected to a switch.
> when i start both bros, there is nothing written into the remote-logs
> until i start a port-scan to generate traffic. what would be the best
> way to generate dummy traffic ?
Mhmmm this is not supposed to happen any more -- older versions did
indeed have the problem that communication was "driven" by observing
live traffic, but as of 1.1 this should be fixed. Things depend on
whether your OS supports selectable file descriptors or not. Could you
please tell us what OS you are on, and post (or send me) the config.h
file you obtain after running configure? Thanks.
Cheers,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org
More information about the Bro
mailing list