[Bro] Seeing packets

James Lay jlay at slave-tothe-box.net
Thu Jun 13 04:44:54 PDT 2013


And a third time now... I've looked through the scripts and I don't see any reference to this. I've googled and searched the docs, nothing on this. I know it's part of the cron job process, but that's all I know. Maybe if I post some config data I'll get ANY response eh? Here's my broctl config... thanks for any insight.

alive-localhost = 0
bindir = /opt/bin
bro = /opt/bin/bro
bro-crashed = 0
bro-pid = 3573
bro-port = 47760
broargs =
brobase = /opt
broctlconfigdir = /opt/spool
broversion = 2.1
capstatspath = /opt/bin/capstats
cfgdir = /opt/etc
cflowaddress =
cflowpassword =
cflowuser =
commtimeout = 10
compresslogs = 1
cron = 0
croncmd =
debug = 0
debuglog = /opt/spool/debug.log
disk-space-bro-dev-sda1 = 24.6
havenfs = 0
helperdir = /opt/share/broctl/scripts/helpers
home =
ipv6comm = 1
lastpkts-bro = 50.0
libdir = /opt/lib
libdirinternal = /opt/lib/broctl
localnetscfg = /opt/etc/networks.cfg
lockfile = /opt/spool/lock
logdir = /opt/logs
logexpireinterval = 0
logrotationinterval = 86400
mailalarmsto = root at localhost
mailfrom = Big Brother <bro at gateway>
mailreplyto =
mailsubjectprefix = [Bro]
mailto = root at localhost
makearchivename = /opt/share/broctl/scripts/make-archive-name
manager-crashed = 0
manager-pid =
manager-port = 47761
memlimit = unlimited
mindiskspace = 5
nodecfg = /opt/etc/node.cfg
os = linux
pfringclusterid = 0
plugindir = /opt/lib/broctl/plugins
policydir = /opt/share/bro
policydirsiteinstall = /opt/spool/installed-scripts-do-not-touch/site
policydirsiteinstallauto = /opt/spool/installed-scripts-do-not-touch/auto
postprocdir = /opt/share/broctl/scripts/postprocessors
prefixes = local
proxy-1-crashed = 0
proxy-1-pid =
proxy-1-port = 47762
savetraces = 0
scriptsdir = /opt/share/broctl/scripts
sendmail = /usr/sbin/sendmail
sigint = 0
sitepluginpath =
sitepolicymanager = local-manager.bro
sitepolicypath = /opt/share/bro/site
sitepolicystandalone = local.bro
sitepolicyworker = local-worker.bro
spooldir = /opt/spool
standalone = 1
statefile = /opt/spool/broctl.dat
staticdir = /opt/share/broctl
statsdir = /opt/logs/stats
statslog = /opt/spool/stats.log
stoptimeout = 60
test.enabled = 0
test.foo = 1
time = /usr/bin/time
timefmt = %d %b %H:%M:%S
timemachinehost =
timemachineport = 47757/tcp
tmpdir = /opt/spool/tmp
tmpexecdir = /opt/spool/tmp
tracesummary = /opt/bin/trace-summary
version = 1.1
worker-1-crashed = 0
worker-1-pid =
worker-1-port = 47763
worker-2-crashed = 0
worker-2-pid =
worker-2-port = 47764
zoneid =

On Jun 11, 2013, at 1:25 AM, James Lay <jlay at slave-tothe-box.net> wrote:

> 
> On Jun 9, 2013, at 7:03 AM, James Lay <jlay at slave-tothe-box.net> wrote:
> 
>> Any way to disable these types of emails:
>> 
>> localhost is seeing packets again on interface eth0
>> 
>> Kind of silly ;)  Thank you.
>> 
>> James
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 
> Anyone?
> 
> James




