[Bro] Bro problem - no software.log written
Keith Butler
kebutler at gmail.com
Wed Aug 28 10:09:27 PDT 2013
Are you running against a pcap or sniffing an interface?

If sniffing an interface, as a first step check that the software scripts are being loaded:

$ pwd
/path/to/bro/logs/2013-08-28
$ zgrep software loaded_scripts.16\:59\:36-17\:00\:00.log.gz
/usr/local/bro/share/bro/base/frameworks/software/__load__.bro
/usr/local/bro/share/bro/base/frameworks/software/./main.bro
/usr/local/bro/share/bro/policy/frameworks/software/vulnerable.bro
/usr/local/bro/share/bro/policy/frameworks/software/version-changes.bro
/usr/local/bro/share/bro/policy/protocols/ftp/software.bro
/usr/local/bro/share/bro/policy/protocols/smtp/software.bro
/usr/local/bro/share/bro/policy/protocols/ssh/software.bro
/usr/local/bro/share/bro/policy/protocols/http/software.bro

If running against a pcap, add local to the end of your command:

$ bro -r my.pcap local

-kb
On Aug 28, 2013, at 9:36 AM, עומר עומר <omer007security at walla.co.il> wrote:
> Hi,
>
> How can I debug why no software log is written..?
>
> I use Bro 2.1 compiled from source.
>
> Thanks,
>
> Omer
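
The loaded_scripts check from the reply, turned into a repeatable script. This is an added example, not part of the original thread and not Bro project code. The function names are hypothetical, the script list is copied from the zgrep output in the reply, and treating every protocol script in it as required is an assumption.

```shell
#!/bin/sh
# Script paths copied from the zgrep output in the reply (assumed required).
SOFTWARE_SCRIPTS="base/frameworks/software/main.bro
policy/protocols/ftp/software.bro
policy/protocols/smtp/software.bro
policy/protocols/ssh/software.bro
policy/protocols/http/software.bro"

# Print the script paths from a loaded_scripts log (plain or .gz), dropping
# "#" header lines and indentation and collapsing "/./", which appears in
# the main.bro path in the reply's output.
loaded_paths() {
    case "$1" in
        *.gz) gzip -cd -- "$1" ;;
        *)    cat -- "$1" ;;
    esac | sed -e '/^#/d' -e 's/^[[:space:]]*//' -e 's#/\./#/#g'
}

# Print one "loaded" or "MISSING" line per script; return 1 if any is missing.
check_software_scripts() {
    paths=$(loaded_paths "$1")
    rc=0
    for s in $SOFTWARE_SCRIPTS; do
        if printf '%s\n' "$paths" | grep -q -F -- "/$s"; then
            echo "loaded   $s"
        else
            echo "MISSING  $s"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a pcap run without "local", so only base scripts load.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#fields	name
/usr/local/bro/share/bro/base/init-bare.bro
  /usr/local/bro/share/bro/base/frameworks/software/__load__.bro
    /usr/local/bro/share/bro/base/frameworks/software/./main.bro
EOF
check_software_scripts "$sample" || echo "protocol software scripts not loaded: add 'local'"
rm -f "$sample"
```
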