[Bro] Several questions

Brian Tierney bltierney at lbl.gov
Thu Jul 12 17:03:23 PDT 2007 

The bro.rc does not work unless you run 'make install-brolite'
Did you do that?

No idea how this all maps to a 'FreeBSD port'

Paul Schmehl wrote:
> I'm working on an upgrade to the bro port in FreeBSD (from 0.9a4a to
> 1.1d-stable.)  I've never used bro, but I maintain a number of ports. 
> I've found that bro is quite a complex port.  I've had to address a
> number of issues where bro does things in a "non-standard" (for FreeBSD)
> way, but I've finally got the port installing correctly and in the
> "right" (for FreeBSD) locations.
> 
> Now I'm testing running bro, and I've run into some problems that I
> don't know the answer to.
> 
> 1) When I try to run bro.rc start, I get a permission denied error.
> 
> bro.rc: Starting ..........bro.rc: Failed to start Bro
> /var/tmp/bro/bin/bro.rc: /var/tmp/bro/bin: Permission denied
> ... FAILED
> 
> I tried changing the user from bro to root, but I still get the error. 
> All the directories and files have the "standard" permissions (xwrx-rx-r
> for dirs and executables -rw-r--r- for other files such as policy files
> and scripts.  The messages file doesn't include any additional information.
> 
> If I set DEBUG=1 in bro.rc, I get this:
> 
> root at utd59514# /var/tmp/bro/bin/bro.rc start
> bro.rc: Starting /var/tmp/bro/bin/bro.rc: /var/tmp/bro/bin: Permission
> denied
> 
> Huh?
> 
> root at utd59514# ls -lsa /var/tmp/bro/bin/bro
> 1760 -r-xr-xr-x  1 root  wheel  1784264 Jul 12 09:27 /var/tmp/bro/bin/bro
> 
> And I can run bro from the commandline (although that brings up another
> issue)
> 
> root at utd59514# /var/tmp/bro/bin/bro -i bge0
> ^C
> 
> Any suggestions as to where to look for this problem would be appreciated.
> 
> 2) I can't seem to figure out the correct format for the local.site.bro
> file
> 
> root at utd59514# /var/tmp/bro/bin/bro -i bge0 utd59514.utdallas.edu.bro
> /var/tmp/bro/bro/site/utd59514.utdallas.edu.bro, line 1: error: syntax
> error, at or near ","
> 
> Here's the file:
> 
> root at utd59514# less /var/tmp/bro/bro/site/utd59514.utdallas.edu.bro
> 129.110.0.0/16, 10.0.0.0/8
> 
> I have tried enclosing this in brackets [129.110.0.0/16, 10.0.0.0/8].  I
> have tried replacing the comma with a space.  I have tried
> 129.110.0.0/16 with and without the brackets.  No matter what format I
> use, I get the syntax error.
> 
> Is this a bug?  Or have I missed something doh simple?
> 
> 
> ------------------------------------------------------------------------
> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

-- 
------------------------------------------------------------------------
  Brian L. Tierney,   Lawrence Berkeley National Laboratory (LBNL)
  1 Cyclotron Rd.  MS: 50B-2239,  Berkeley, CA  94720
  tel: 510-486-7381    fax: 510-495-2998   efax: 425-642-4558
  bltierney at lbl.gov   http://www-didc.lbl.gov/~tierney
------------------------------------------------------------------------

More information about the Bro mailing list