[Bro] Connection summary email

Daniel Thayer dnthayer at illinois.edu
Fri Apr 19 13:07:22 PDT 2013


The time command is used by broctl to time how long it takes to
generate a connection summary report (the output of the time
command is visible at the end of each connection summary report).

There is currently a bug in broctl that prevents connection summary
reports from being generated if the time command is not available
(this bug should be fixed in the next release).

On RHEL5 and RHEL6, the "time" command is contained in the "time" rpm.

So, to fix this, you could install the "time" rpm, then do
a "broctl install" to update the broctl configuration so that
it knows where the time command is located.  If you are unable
to install "time", then an alternative solution is to patch
the broctl source so that connection summary reports can be
generated whether or not "time" is installed (let me know if
you want instructions on how to do this).

-Daniel


On 04/19/2013 10:44 AM, Kim Halavakoski wrote:
> Hello Bro-folks!
>
> I have just set up Bro and am getting acquainted with Bro. Bro feels very
> good and the information that can be gathered with Bro is impressive.
>
> I have one issue though that is simple and easy but haven't had the time
> to figure it out.
>
> I am receiving these connection summary emails via the Bro cron feature.
> The mail however complains about time command that cannot be found:
>
> [Bro] Connection summary from 16:00:00-17:00:00
>
> nice: which:: No such file or directory
>
> --
> [Automatically generated.]
>
>
> The "time" command is not available as a separate package under RedHat
> so I am curious about what that script does, where it is and how I could
> modify it to work without "time"?
>
> Best regards,
>
> Kim Halavakoski
>
> Sent from my mobile device, excuse my clawfingerness!
>
> PGP S#: 0BFA A910 9AA7 94A5 A323  53F5 4151 4CE4 33BE 35FA
> http://www.blackcatsec.net
>
>
>



