[Bro] BroArgs in broctl.cfg
Daniel Thayer
dnthayer at illinois.edu
Sun Aug 24 08:46:20 PDT 2014
Try changing the double quotes to single quotes, like this:
BroArgs = -C -f '(src net 192.168.0.0/24 and dst port 25) or (src port 25 and dst net 192.168.0.0/24)'
On 08/24/2014 09:34 AM, Po-Ching Lin wrote:
>
> I find broctl is unable to install the following line in broctl.cfg because of the parentheses.
>
> BroArgs = -C -f "(src net 192.168.0.0/24 and dst port 25) or (src port 25 and dst net 192.168.0.0/24)"
>
> The error message is as follows:
>
> [BroControl] > check
> bro scripts failed.
> /usr/local/bro/share/broctl/scripts/broctl-config.sh: line 69: syntax error near unexpected token `('
> /usr/local/bro/share/broctl/scripts/broctl-config.sh: line 69: `broargs="-C -f "(src net 192.168.0.0/24 and dst port 25) or (src port 25 and dst net 192.168.0.0/24)""'
>
> What should I do if I want to use parentheses in the BPF string? Thanks.
>
> Po-Ching
>
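
Why the quoting matters, shown as an added example that is not part of the original thread and is not broctl code. It assumes the option is written into the generated script as `broargs="<value>"`, which is what the quoted error for line 69 shows; `generated_line` and `parses_ok` are hypothetical helper names.

```shell
#!/bin/sh
# Added example: reproduces the shell syntax check that fails in the thread.
# Assumption: the BroArgs value is copied verbatim between double quotes,
# as in the line the error message quotes from broctl-config.sh.

# Emit the assignment as it would appear in the generated script.
generated_line() {
    printf 'broargs="%s"\n' "$1"
}

# Return 0 if sh can parse the generated line (-n: parse only, run nothing).
parses_ok() {
    generated_line "$1" | sh -n 2>/dev/null
}

FILTER='(src net 192.168.0.0/24 and dst port 25) or (src port 25 and dst net 192.168.0.0/24)'
DOUBLE="-C -f \"$FILTER\""   # value from the original broctl.cfg line
SINGLE="-C -f '$FILTER'"     # value suggested in the reply

# Inner double quotes end the outer string early, leaving "(" as a bare
# shell token; single quotes stay literal inside the double-quoted string.
for v in "$DOUBLE" "$SINGLE"; do
    if parses_ok "$v"; then
        echo "OK:   $(generated_line "$v")"
    else
        echo "FAIL: $(generated_line "$v")"
    fi
done
```

The check covers only whether the generated assignment parses; it does not show how the value is later split into arguments for bro.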