[Bro] Bro on macos, magic bug
Julien T
julien.t43 at gmail.com
Sun Apr 20 22:06:15 PDT 2014
Hello,
I'm trying to use bro 2.2 on Mac (10.9.2) with macports
but when I try to parse a pcap, I got magic errors:
>>>
$ bro -r <pcapfile>
/opt/local/share/bro/magic/animation, 193: Warning: Current entry does not
yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 195: Warning: Current entry does not
yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 197: Warning: Current entry does not
yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 199: Warning: Current entry does not
yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 201: Warning: Current entry does not
yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 203: Warning: Current entry does not
yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 205: Warning: Current entry does not
yet have a description for adding a MIME type
/opt/local/share/bro/magic/animation, 208: Warning: Current entry does not
yet have a description for adding a MIME type
/opt/local/share/bro/magic/archive, 45: Warning: Current entry does not yet
have a description for adding a MIME type
/opt/local/share/bro/magic/cafebabe, 19: Warning: Current entry does not
yet have a description for adding a MIME type
internal error: can't load magic file /opt/local/share/bro/magic: could not
find any valid magic files!
<<<
Those files are from bro, while macports' libmagic (5.18) has
/opt/local/share/misc/magic.mgc
same if I do
MAGIC=/opt/local/share/misc/magic.mgc bro -r <pcapfile>
as suggested on
http://comments.gmane.org/gmane.comp.security.detection.bro/6225
Improvement with https://bro-tracker.atlassian.net/browse/BIT-1143.
I gave a try to github head and it works as expected, probably because of
above change.
So is a fix is expected for 2.2 or 2.3 is sufficiently near release?
Thanks
Julien
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140421/47efcd18/attachment.html
More information about the Bro
mailing list