[Bro] Basic Question

Justin Thomas justin at justinthomas.name
Thu Dec 6 09:14:23 PST 2012


It actually is configured as standalone - my mistake.

I changed my Python script to:

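from broccoli import *

# Connect to the Bro instance at 10.0.0.1:47760
bc = Connection("10.0.0.1:47760")

# Register a handler for Bro's new_connection event
@event
def new_connection(event):
    pass  # placeholder: no handler body appears in the message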


On Thu, Dec 6, 2012 at 8:56 AM, Justin Thomas <justin at justinthomas.name> wrote:

> From here:
> http://www-old.bro-ids.org/wiki/index.php/Reference_Manual:_Analyzers_and_Events
>
> I guess the "old" in the URL should have tipped me off. I had some trouble
> finding descriptions of built-in events, so I just grabbed the first thing
> that looked reasonable. I'll look over the document you linked below. I did
> try using the "new_connection" event with similar results (i.e., none), so
> your comment on the cluster configuration may also be a sticking point for
> me.
>
> I'll look over my configuration with that note about the manager not
> generating the protocol events in mind; I'm not sure on the specifics (if I
> recall correctly, I think I configured it as a cluster for future expansion
> but am only running on one machine right now).
>
>
> On Thu, Dec 6, 2012 at 6:51 AM, Seth Hall <seth at icir.org> wrote:
>
>>
>> On Dec 6, 2012, at 12:55 AM, Justin Thomas <justin at justinthomas.name>
>> wrote:
>>
>> > @event
>> > def ssl_conn_attempt(connection, version, ciphers):
>>
>> Where did you get this event from?  That is an old event that was removed
>> prior to the 2.0 release.  You can refer to the following link for all of
>> our current (2.1 release) analyzer generated events:
>>         http://bro-ids.org/documentation/scripts/base/event.bif.html
>>
>> Are you running Bro with BroControl in standalone mode too?  If you run a
>> cluster and you only connect to your manager you won't see these events
>> either because the protocol events aren't being generated on the manager.
>> It looks like you're doing the right things in your Python script though.
>>
>>   .Seth
>>
>> --
>> Seth Hall
>> International Computer Science Institute
>> (Bro) because everyone has a network
>> http://www.bro-ids.org/
>>
>>
>