[Bro] BroArgs in broctl.cfg

Daniel Thayer dnthayer at illinois.edu
Sun Aug 24 08:46:20 PDT 2014


Try changing the double quotes to single quotes, like this:

BroArgs = -C -f '(src net 192.168.0.0/24 and dst port 25) or (src port 25 and dst net 192.168.0.0/24)'


On 08/24/2014 09:34 AM, Po-Ching Lin wrote:
>
> I find broctl is unable to install the following line in broctl.cfg because of the parentheses.
>
> BroArgs = -C -f "(src net 192.168.0.0/24 and dst port 25) or (src port 25 and dst net 192.168.0.0/24)"
>
> The error message is as follows:
>
> [BroControl] > check
> bro scripts failed.
>      /usr/local/bro/share/broctl/scripts/broctl-config.sh: line 69: syntax error near unexpected token `('
>      /usr/local/bro/share/broctl/scripts/broctl-config.sh: line 69: `broargs="-C -f "(src net 192.168.0.0/24 and dst port 25) or (src port 25 and dst net 192.168.0.0/24)""'
>
> What should I do if I want to use parentheses in the BPF string? Thanks.
>
> Po-Ching
>
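
Added example, not part of the original messages: a syntax-only check of why the double-quoted value breaks and the single-quoted one does not. It assumes, based on the error message quoted above, that broctl writes the BroArgs value verbatim into broctl-config.sh as broargs="<value>"; the function names and sample variables are hypothetical.

```shell
#!/bin/sh
# Assumption (from the quoted error message): the generated script contains
#   broargs="<BroArgs value copied verbatim>"
# so any double quote inside the value ends the shell string early.

# Constructed sample values matching the two config lines in the thread.
DQ_VALUE='-C -f "(src net 192.168.0.0/24 and dst port 25) or (src port 25 and dst net 192.168.0.0/24)"'
SQ_VALUE="-C -f '(src net 192.168.0.0/24 and dst port 25) or (src port 25 and dst net 192.168.0.0/24)'"

# gen_line VALUE: emit the assignment as it would appear in the generated script.
gen_line() {
    printf 'broargs="%s"\n' "$1"
}

# parses_ok VALUE: return 0 if the generated line is valid shell syntax.
# "sh -n" only parses its input; nothing is executed.
parses_ok() {
    gen_line "$1" | sh -n 2>/dev/null
}

# resulting_value VALUE: print what $broargs holds once the line is evaluated.
# Only call this for values that pass parses_ok.
resulting_value() {
    ( eval "$(gen_line "$1")" && printf '%s' "$broargs" )
}

# Show the outcome for both variants.
for v in "$DQ_VALUE" "$SQ_VALUE"; do
    if parses_ok "$v"; then
        echo "parses:       $(gen_line "$v")"
    else
        # The inner double quote closes the string, leaving "(" unquoted.
        echo "syntax error: $(gen_line "$v")"
    fi
done
```

With single quotes the whole filter stays inside one double-quoted shell string, and the single quotes are kept as literal characters in the value.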


