[Bro] Empty Reports

Edward Dean edward.dean3 at gmail.com
Sun Sep 27 15:16:43 PDT 2009


Good Day!

Setting up Bro on FreeBSD and noticing that the script to create
reports (/usr/local/scripts/site-report.pl) is generating empty
reports.  The reports contain the expected formatting but no actual
data.

Not sure if this is relevant but to run the script, I did have to make
the change to the "summary_only" variable as suggested here:
http://tracker.icir.org/bro/ticket/54

Here is an example of the script's debug feedback:


hosta# /usr/local/scripts/site-report.pl -r 36 -d 3
report-start time: Thu Sep 24 00:00:30 2009 (1253750430)
report-end time: Fri Sep 25 12:00:30 2009 (1253880030)
Starting search for alarm files
List of alarm files which are within the time range ->
/nsm/bro/logs/alarm.hosta.09-09-25_15.58.20
Finished search for alarm files
Starting search for notice files
List of notice files which are within the time range ->
/nsm/bro/logs/notice.hosta.09-09-25_15.41.47
Finished search for notice files
Starting search for conn files
List of connection files which are within the time range ->
/nsm/bro/logs/conn.hosta.09-09-25_15.58.20-09-09-25_15.58.20
Finshed search for conn files
Starting processing of alarm files
Finished processing alarm files
Starting processing of conn file
/nsm/bro/logs/conn.hosta.09-09-25_15.58.20-09-09-25_15.58.20
Finished processing conn file
Generating report file: /nsm/bro/reports/my.domain.1253902342.90655.rpt

Any suggestions would be much appreciated.


Cheers!
E


