[Bro] failed to start BRO

jags0nhak3r at engineer.com jags0nhak3r at engineer.com
Thu Oct 29 18:51:33 PDT 2009 

 

 
Hi, 

Thanks for your Re

I figured out that localhost.localdomain.bro is file and BRO needs to open it when it starts. that file should be located at {BROPATH}, that is right.

here is my BROPATH

# Bro policy paths
BROPATH="/usr/local/bro/share/bro/site:/usr/local/bro/share/bro:/usr/local/bro/share/bro/sigs:/usr/local/bro/share/bro/time-machine"
export BROPATH

# Filename of the Bro start policy.  Must be located in one of the directories in $BROPATH
BRO_START_POLICY="localhost.localdomain.bro"

I wonder why the so called file localhost.localdomain.bro is not created in BROPATH by default. Thus, I created it in this PATH
/usr/local/bro/share/bro manually and BRO successfully started. 

I also would like to know what is the purpose of that file what should be in it?

btw, 
1- what and how should I start to capture packets, analyze them? 
2-  what commands shall I run where the analysis files are stored?

I read in the BRO user manual, it mentions that to run BRO type the following comman 

bro  -[options]
but when I run bro, which is a binary file, I get    bash: bro: command not found

what is wrong with my configuration...


Please I need assistance, 

Regards















 

-----Original Message-----
From: jean-philippe luiggi <jean-philippe.luiggi at didconcept.com>
To: jags0nhak3r at engineer.com
Cc: bro at ICSI.Berkeley.EDU
Sent: Fri, Oct 30, 2009 8:58 am
Subject: Re: [Bro] failed to start BRO










* jags0nhak3r at engineer.com <jags0nhak3r at engineer.com> [2009-10-29 03:34:51 
-0400]:

> 
> Hi everyone
> 
> I am new to Bro IDS 1.4, I have tried to install it on CentOs platform. well, 
at the beginning It was difficul, however I manage to install it with the same 
instructions
> 
> ./configure
> 
> make 
> make install
> 
> make install-brolite
> 
> bro-lite did a very well job. It created all the directories in bro home 
directory /usr/local/bro
> 
> [bro at localhost bro]$ ls
> archive  bin  etc  include  lib  logs  reports  scripts  share  site  var
> 
> the problem I am facing is that when I try to start bro using bro.rc file with 
this  {BROHOME}/etc/bro.rc start it fails and gives me this erro
> 
> [bro at localhost ~]$ /usr/local/bro/etc/bro.rc start
> bro.rc: Starting ..........bro.rc: Failed to start Bro
> line 1: error: can't open localhost.localdomain.bro
> ... FAILED
> 
> Note: i have tried to change my host name to localhost.localdomain.bro
> 
> Any ideas please.. help

  Hello,

  Bro is searching for a file called "localhost.localdomain.bro" in the
  various path defined in your BROPATH environment variable.
  
  So two questions :
  
  Do your file exists somewhere ?
  Is it in a directory specied in "BROPATH" ?
  
  Mine is defined as follow into my .bashrc :
  
  export BROPATH=/opt/share/bro/policy
  
  Cheers,
  
  Jean-Philippe.
  
  
  

 



 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20091029/c25c667c/attachment.html

More information about the Bro mailing list