[Bro] Stupid scripting question: SSH password detection limited to local networks

Mike Patterson mike.patterson at uwaterloo.ca
Tue Jan 28 09:29:47 PST 2014


On Jan 28, 2014, at 11:37 AM, Robin Sommer <robin at icir.org> wrote:

> 
> 
> On Tue, Jan 28, 2014 at 10:08 -0500, Mike Patterson wrote:
> 
>> I’m thinking my problem with the test script is simply that I’m not
>> running it with broctl
> 
> Yeah, networks.cfg will be used only when running from broctl. For
> testing, broctl has a command "process" that processes a trace with
> (almost) the same configuration that it's using when running live See
> the corresponding entry in
> http://www.bro.org/sphinx-git/components/broctl/README.html#command-reference
> 

Well, now I have a different problem, but the issue is somewhat tangential - unless that’s the only way for me to get Bro/broctl to tell me what it thinks my local networks are.

Issue with process: It bombs out with messages like:
error in /usr/local/bro-2.2/share/bro/policy/misc/loaded-scripts.bro, line 4: syntax error, at or near “module"

I’m running with
[BroControl] > process /path/to/pcap /path/to/test.bro
and I’ve also tried
process — /path/to/test.bro
process /path/to/pcap — /path/to/test.bro

Poor bernhard was trying to help me, and his install works just fine.

So now I don’t *know* if I’ve got one issue, or two issues. ;)

Any ideas, Robin?

Mike





More information about the Bro mailing list