[Bro] How BRO's in-built scripts are invoked in a flow one by one (one file after the other)

Aniket Savanand aniketpsavanand at gmail.com
Sat Dec 12 19:42:39 PST 2015


Thanks Anthony and Clark for your replies.


I got BRO installed as per
https://www.digitalocean.com/community/tutorials/how-to-install-bro-ids-2-2-on-ubuntu-12-04

on my Linux dual-boot machine. Now I am able to run Bro using broctl,
and I can see log files being generated.
I also played with try.bro.org and saw how Bro can capture HTTP traffic,
connections, etc.

I have succeeded in doing only the above part.

Now, at this stage, how do I proceed with the suggestions you provided?

I have many questions:

1. As Anthony suggested, I should remove @load from the initial
boot-strap files init-default.bro and init-bare.bro.
But how do I do that? I mean, where can I locate these files, and how do
I modify them to remove @load and make them run with my above
installation?

2. As per Clark's suggestion, I looked at the devel-tools list, but I could not figure
out how to use
https://github.com/bro/bro-aux/blob/master/devel-tools/cpu-bench-with-trace
in my current installation.

Thanks
Aniket Savanand
San Jose State
669-226-8162


On Sun, Dec 6, 2015 at 8:57 PM, Aniket Savanand <aniketpsavanand at gmail.com>
wrote:

> Thanks a lot.
>
> I will look into these files.
>
> Thanks
> Aniket Savanand
>
> On Sun, Dec 6, 2015 at 8:51 PM, Clark, Gilbert <gc355804 at ohio.edu> wrote:
>
>> In addition to what Anthony suggests:
>>
>> Bro has an option to trace execution and write the results to a file: I
>> think it's '-T' or something along those lines.  The trace file generated
>> by running bro with this option can show you which script functions were
>> called and in which order they were called ... but this option generates a
>> *lot* of output, and should therefore only be used offline and (probably)
>> with a relatively small capture file.
>>
>> There's a benchmark script that ships with bro that also shows an example
>> of incrementally running bro with 1 script loaded, 2 scripts loaded, etc to
>> see how each script affects bro's runtime:
>> https://github.com/bro/bro-aux/blob/master/devel-tools/cpu-bench-with-trace
>>
>> Also, maybe try taking a look at try.bro.org: it's a pretty nice way to
>> play with bro and become familiar with how things work.
>>
>> Cheers,
>> Gilbert
>>
>
>
>
> --
> *Regards, *
> *Aniket Savanand,*
> *MS Software Engineering 2016,*
> *San Jose State University, CA*
> *Email <aniket.savanand at sjsu.edu> **Cellphone- +1-669-226-8162*
>
>
>



-- 
*Regards, *
*Aniket Savanand,*
*MS Software Engineering 2016,*
*San Jose State University, CA*
*Email <aniket.savanand at sjsu.edu> **Cellphone- +1-669-226-8162*
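The incremental benchmarking Gilbert describes (run Bro over one small capture with one script loaded, then two, and so on, and compare the runtimes), written out as a small POSIX shell script. This is an added example for this archived thread, not code from the Bro project or from bro-aux's cpu-bench-with-trace, and it assumes Bro 2.x's command-line flags: -b (bare mode, which skips the default base/ script set), -r to read a pcap, and -t <file> for execution tracing; confirm them against `bro --help` on your install. The BRO and TRACE_DIR variables, the function names and the sample script names are this example's own.

```shell
#!/bin/sh
# Incremental script-loading benchmark for Bro, in the spirit of the
# bro-aux cpu-bench-with-trace tool: run Bro over the same pcap with
# 1, 2, ... N scripts loaded and record how long each run takes.
#
# Assumed Bro 2.x flags (verify with `bro --help` on your install):
#   -b  bare mode: do not load the default base/ scripts
#   -r  read packets from a pcap file instead of a live interface
#   -t  write an execution trace (which script code ran, in order) to a file
#
# BRO        (optional) path to the bro binary; defaults to "bro" on PATH
# TRACE_DIR  (optional) if set, each run also writes an execution trace there

# bench_scripts PCAP SCRIPT...
# One bare-mode Bro run per cumulative script set: SCRIPT1, then
# SCRIPT1 SCRIPT2, and so on. Prints "<seconds><TAB><scripts loaded>"
# per run and returns non-zero as soon as a run fails.
bench_scripts() {
    pcap=$1
    shift
    n=0
    loaded=""
    for s in "$@"; do
        n=$((n + 1))
        # append the next script to the set loaded so far
        loaded="${loaded:+$loaded }$s"

        trace_opt=""
        if [ -n "${TRACE_DIR:-}" ]; then
            trace_opt="-t $TRACE_DIR/run$n.trace"
        fi

        # whole-second wall clock: coarse, but portable across sh flavours
        start=$(date +%s)
        # $trace_opt and $loaded are intentionally unquoted so they split
        # into separate arguments (script names must not contain spaces)
        "${BRO:-bro}" -b -r "$pcap" $trace_opt $loaded >/dev/null 2>&1 || return 1
        end=$(date +%s)

        printf '%s\t%s\n' "$((end - start))" "$loaded"
    done
}

# Typical invocation (hypothetical capture and script names; left commented
# so the file can be sourced without needing a bro binary):
# bench_scripts small.pcap base/protocols/conn base/protocols/http base/protocols/dns
```

Run it from a shell where bro is on PATH and pass a capture that takes at least a few seconds to process, otherwise the whole-second timing shows nothing; for finer resolution, wrap the bro invocation in your shell's `time`. Relative script names are resolved by Bro's normal script search path. Set TRACE_DIR to a writable directory to also get one execution trace per run, and keep the capture small when you do, since, as Gilbert notes, those trace files grow quickly.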