[Bro] Fwd: Some Questions, please

shan shan pudding33 at gmail.com
Thu Jun 25 22:56:21 PDT 2009 

Good Afternoon.My questions are as follows:

Q1. I can not solve the problem when doing bro_config, and the command lines
are in the attached file config.txt .
    I do not know whether my configuration  is setup right.
    Because I only get a log file in the /usr/local/bro/logs fold (in the
attached file info.localhost.09-06-25_13.25.33).
    In the /usr/local/bro/reports folder there is no report file.
    Are  the report  generated automatically? Or shuld I generate it by
hand?

Q2. In the quick-Start file, I find that the report example. At the end of
the report, there is a list of connections(only first 25 after alarm are
listed).
    I want to ask: if there is no alarm, will there be no connections list
(such as time and byte information)?
    And Bro can list  only first 25 connections after alarm ?
    If I  want the information of all connections, how can I get that?

Thank you very much!
I am looking forward for your reply.[?]
-- 


Zhu Shan




-- 


Zhu Shan



-- 


Zhu Shan
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20090626/9f737f3d/attachment.html 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 96 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20090626/9f737f3d/attachment.gif 
-------------- next part --------------
[root at localhost scripts]# ./bro_config
Automode not enabled

Running Bro Configuration Utility

Configure settings in bro.cfg? (YES/no)  [YES] 
Values enclosed in '[ ]'s are the default value set if you hit return.

**** Detected previous bro.cfg file *****
May I use /usr/local/bro/etc/bro.cfg for defaults? [Y/n]Y
Sourcing /usr/local/bro/etc/bro.cfg for defaults.
 Log archive directory [/usr/local/bro/archive] 
 User id to install and run Bro under [root] 
 Interface name to listen on.  The default is to use the busiest one found. [eth0] 
 Site name for reports (i.e. LBNL, FOO.COM, BAZ.ORG) [eth0] 
 Starting time for a report run (0001 is 12:01 am and 1201 is 12:01pm) [0000] 
 How often (in hours) to generate an activity report [24] 
 Email reports? (YES/no)  [YES] 
 Email address for local reports to be mailed to [NO] 
 Do you want to encrypt email reports (YES/NO) [NO] 
error: "net.core.rmem_max" must be of the form name=value
error: Malformed setting "="
error: "16777216" must be of the form name=value
ERROR: Can't change value, entry exists in /etc/sysctl.conf!
 May I guess your network configuration for you?  [YES] 
Checking network
Running localnets script to determine the local network range ... 
This will take about 20 seconds
Capturing packets .... done.
Analyzing dump file.....cannot execute ./adtrace/adtrace /tmp/bro_config.tcpdump.file.29010: ??????????????????????
 done.
grep: local.site.bro: ??????????????????????
./bro_config: line 462: [: : integer expression expected
Your network appears to contain the following networks:
grep: local.site.bro: ??????????????????????
Edit local.site.bro by hand if this is not correct
Bro Configuration Finished. 
Press any key to now to continue. 
You have new mail in /var/spool/mail/root
[root at localhost scripts]# 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: info.localhost.09-06-25_13.25.33
Type: application/octet-stream
Size: 2078 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20090626/9f737f3d/attachment.obj

More information about the Bro mailing list