[Bro] Bro 2.2 File Extraction (RHEL 6.5)

Jonathon Wright jonathon.s.wright at gmail.com
Wed Aug 6 13:17:15 PDT 2014


Yes it does!

What I'm trying to do is "Verify that broctl is configured for File
Extraction properly". My method was to test broctl by using bro on the CLI.
Your explanation is good information.

I'm going to try that now and update the list on results.


On Wed, Aug 6, 2014 at 10:07 AM, Seth Hall <seth at icir.org> wrote:

>
> On Aug 6, 2014, at 3:53 PM, Jonathon Wright <jonathon.s.wright at gmail.com>
> wrote:
>
> > I verified all configuration syntax: broctl check
> >
> >  bro -C -r my_pcap_file
>
> Two separate things are going on here.  Broctl is really focused around
> running Bro on live traffic and orchestrating all of the complexity
> involved in that.  You are then separately trying to run the Bro binary on
> a trace file and get output.
>
> Your whatever.bro script is installed and ready to be used when Bro is run
> with broctl.  Since you're just running Bro directly here though, you will
> want to load your script on the command line like this:
>
>         bro -C -r my_pcap_file whatever.bro
>
> You could also load the full local.bro script if you want that
> functionality too like this:
>
>         bro -C -r my_pcap_file local.bro whatever.bro
>
> Does that explain things better?
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>
>