[Bro] trace-summary script and number of local networks defined

Gaspar Modelo-Howard gmhoward at gmail.com
Sun Dec 4 11:49:40 PST 2011


Set up Bro (version 2.0-beta-47) and have a couple of questions
regarding the etc/networks.cfg file:

(1) When defining more than 24 local networks in etc/networks.cfg, the
trace-summary script throws the following error message and does not
email the regular connections stats summary:

Traceback (most recent call last):
  File "/usr/local/bro/bin/trace-summary", line 816, in <module>
    LocalNetsIntervals[net] = i
  File "/usr/local/bro/lib/broctl/SubnetTree.py", line 86, in __setitem__
    def __setitem__(self, *args): return _SubnetTree.SubnetTree___setitem__(self, *args)
IndexError: cannot insert network
Command exited with non-zero status 1
0:00.04 real, 0.05 user, 0.00 sys, 0K total memory

I tested for different numbers of local network declarations (all /24)
and 24 seems to reach a limit. When defining 25 or more nets, get the
error message from above. Have been looking at trace-summary and
SubnetTree.py but have not yet detected the cause of the problem.

(2) Can you 'aggregate' local networks in the etc/networks.cfg file so
the stats for several defined networks can be reported by trace-summary
as just one network? For example, say I declare the local networks in
networks.cfg as:
1.1.1.0/24  Network A
1.1.2.0/24  Network B
1.1.3.0/24  Network C

Then I want trace-summary to give the aggregated stats for both Networks
A and C, in a single table. Feasible? Tried using same tags for
different networks but did not work.

Wonder if anybody has run into either of these two issues.
Thanks,


Gaspar



