[Bro] how to run on trace files

Nicholas Weaver nweaver at ICSI.Berkeley.EDU
Thu Dec 20 14:25:18 PST 2007


A: For running off of traces, you don't need to use sudo and shouldn't.

The can't find "bro.init" error says the bropath is messed up

type the command: which bro
printenv BROHOME
printenv BROPATH


On Thu, Dec 20, 2007 at 04:30:22PM -0500, kanthi myneni composed:
> Thanks a lot for your reply.
> 
> It worked. But I am having problem in running bro . It is giving me the
> following error
> 
> loud at 1006kro:/usr/local/bro/bin$ sudo bro -r trace1.tcpdump local tcp alarm
> weird
> Password:
> sudo: bro: command not found
> loud at 1006kro:/usr/local/bro/bin$ sudo ./bro -r trace1.tcpdump local tcp
> alarm weird
> line 1: error: can't open bro.init
> loud at 1006kro:/usr/local/bro/bin$
> 
> 
> Giving me the above error.
> 
> Thanks&Regards,
> Kanthi Myneni.
> 
> On Dec 20, 2007 3:55 PM, Nicholas Weaver <nweaver at icsi.berkeley.edu> wrote:
> 
> > On Thu, Dec 20, 2007 at 02:40:06PM -0500, kanthi myneni composed:
> > > I am sorry I didn't get it. I am not that much familiar with linux commands.
> > >
> > > I tried to do so but getting same output
> > >
> > > loud at 1006kro:/$ BROHOME = /usr/local/bro/
> > > bash: BROHOME: command not found
> > > loud at 1006kro:/$ BROPATH = $/usr/local/bro/site
> > > bash: BROPATH: command not found
> > > loud at 1006kro:/$ PATH = /usr/local/bro/bin:SPATH
> > > bash: PATH: command not found
> >
> > No spaces, sorry
> >
> > BROHOME=/usr/local/bro/
> > BROPATH=$BROHOME/site:$BROHOME/policy:$BROHOME/policy/sigs
> > PATH=/usr/local/bro/bin:$PATH
> >
> > > Thanks&Regards,
> > > Kanthi Myneni.
> > >
> > > On Dec 20, 2007 2:10 PM, Nicholas Weaver <nweaver at icsi.berkeley.edu>
> > wrote:
> > >
> > > > Setenv is the TCSH syntax for setting environment variables.
> > > >
> > > > For bash, you do
> > > >
> > > > BROHOME=/usr/local/bro
> > > > BROPATH=$BROHOME/site:$BROHOME/policy:$BROHOME/sigs
> > > >
> > > > Also, you need to set your path to include bro
> > > >
> > > > PATH=/usr/local/bro/bin:$PATH
> > > >
> > > >
> > > >
> > > >
> > > > > loud at 1006kro:/usr/local/bro$ bro -r trace1.tcpdump local tcp alarm
> > wierd
> > > > > bash: bro: command not found
> > > > > loud at 1006kro:/usr/local/bro$
> > > > >
> > > > >
> > > > > are those commands depend on the directory I am present.
> > > > >
> > > > > In which directory do I need to run that command.
> > > > >
> > > > > Thanks,
> > > > > KM.
> > > >
> > > > > _______________________________________________
> > > > > Bro mailing list
> > > > > bro at bro-ids.org
> > > > > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> > > >
> > > > --
> > > > Nicholas C. Weaver
> > nweaver at icsi.berkeley.edu
> > > >     This message has been ROT-13 encrypted twice for higher security.
> > > >
> >
> > --
> > Nicholas C. Weaver                               nweaver at icsi.berkeley.edu
> >     This message has been ROT-13 encrypted twice for higher security.
> >

-- 
Nicholas C. Weaver                               nweaver at icsi.berkeley.edu
     This message has been ROT-13 encrypted twice for higher security.
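
An added example, not part of the original thread: a POSIX shell sketch that exports the three variables from the messages above and then checks the two failures seen here (`bro` not on `PATH`, `bro.init` not reachable through `BROPATH`). The function names are hypothetical, and the use of `export` and the default install prefix are assumptions taken from the paths quoted in the thread.

```shell
# Added example (not from the thread). Function names are hypothetical.

# Export the variables so that a child process such as bro inherits them.
# $1 is the install prefix; the default is the path quoted in the thread.
setup_bro_env() {
    BROHOME=${1:-/usr/local/bro}
    BROPATH=$BROHOME/site:$BROHOME/policy:$BROHOME/policy/sigs
    PATH=$BROHOME/bin:$PATH
    export BROHOME BROPATH PATH
}

# Walk the colon-separated BROPATH and print the first directory that holds
# a readable copy of the named file. Returns 1 when no directory has it.
# The body is a subshell so the IFS and globbing changes stay local.
find_in_bropath() (
    file=$1
    IFS=:
    set -f
    for dir in $BROPATH; do
        [ -n "$dir" ] || continue
        if [ -r "$dir/$file" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
)

# Report both problems from the thread; returns 0 only when neither occurs.
check_bro_env() {
    rc=0
    command -v bro >/dev/null 2>&1 || {
        echo "bro is not on PATH ($PATH)" >&2
        rc=1
    }
    find_in_bropath bro.init >/dev/null || {
        echo "bro.init not found in BROPATH ($BROPATH)" >&2
        rc=1
    }
    return $rc
}

# Typical use, as the unprivileged user, with the trace from the thread:
#   setup_bro_env /usr/local/bro && check_bro_env &&
#       bro -r trace1.tcpdump local tcp alarm weird
```

Where sudo is configured with `env_reset`, it drops `BROPATH` and `BROHOME` before starting the command, so these settings only help when bro is run directly on the trace file.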


