[Bro] Problem with Broccoli connection

Daniel Wyschogrod dwyschogrod at bbn.com
Mon Dec 3 09:00:03 PST 2012


Seth,

Thanks for clarifying that.  I can certainly live with port 47760 now that I know that it's the "official" port.  It probably would be a good idea to add to the documentation that BroControl uses this port, though I might have missed it.

Going forward, we hope to contribute some of our work with external sensors.

Thanks again for your help.

Dan
____________________
Dan Wyschogrod

Senior Scientist
Cyber Security
Raytheon/BBN Technologies

dwyschogrod at bbn.com




On Dec 3, 2012, at 11:38 AM, Seth Hall <seth at icir.org> wrote:

> 
> On Dec 3, 2012, at 11:28 AM, Daniel Wyschogrod <dwyschogrod at bbn.com> wrote:
> 
>> I think I've tracked down the problem, but it leads to another mystery.  In my local.bro file, as I've pointed out, I have inserted the line:
> 
> Oh, are you running this through BroControl?  BroControl configures the communication framework for you.  All you need to do is add another value to the Communication::nodes variable with the events to listen to.
> 
> redef Communication::nodes += {
>       ["barnyard2"] = [$host=127.0.0.1, $class="Barnyard2", $events=/Barnyard2::.*/],
> };
> 
> You *should* now be able to connect to the process, but you'll have to connect on port 47760/tcp.  Is there a particular reason that you want to change that?  You can't really do that in any BroControl deployment at the moment, and the communication code only can listen on a single port per Bro process.
> 
> This is a somewhat undefined area of operation because there hasn't been a lot of work to integrate external applications on clusters like this yet.
> 
>  .Seth
> 
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
> 
