[Bro] broctl status peers 0 / critical stack is running?

Gary Faulkner gfaulkner.nsm at gmail.com
Sun Sep 25 10:07:39 PDT 2016


I haven't set up Critical Stack before, but my understanding is that if
set up correctly you should be seeing an intel.log file being generated.
There is an article over at Taosecurity that includes a link to a Google
Doc with better details than I can provide. Link below:

http://taosecurity.blogspot.com/2015/01/try-critical-stack-intel-client.html

~Gary


On 9/24/2016 3:02 AM, Federico Olivieri wrote:
> Thanks Gary for the info! Are you able to provide me info about my
> second question as well?
>
> 2-How can I check if critical-stuck is "feeding" BRO?
>
> Federico
>
> 2016-09-23 17:30 GMT+01:00 Gary Faulkner <gfaulkner.nsm at gmail.com
> <mailto:gfaulkner.nsm at gmail.com>>:
>
>     The peer column is for when you operate Bro in cluster mode. It
>     will show how many workers are connected to the manager and
>     proxies. Since you are in stand-alone mode, this will not show any
>     peers.
>
>     ~Gary
>
>
>     On 9/23/2016 10:59 AM, Federico Olivieri wrote:
>>     Hi everybody,
>>     I'm new in BRO and first of all I would say...thank you for the
>>     great product developed! It is such good and well done! Easy to
>>     use! I love it the integration with critical stack!
>>
>>     I have managed to set up and run BRO on my raspi and everything
>>     is ok. Just a couple of questions:
>>
>>     1-Can someone explain me the meaning of Peer column?
>>
>>     root at raspberrypi:~# broctl status
>>     Getting process status ...
>>     Getting peer status ...
>>     Name         Type       Host          Status    Pid    Peers  Started
>>     bro          standalone localhost     running   6695   0      23
>>     Sep 08:55:03
>>
>>     2-How can I check if critical-stuck is "feeding" BRO?
>>
>>     Thanks!
>>     Federico
>>
>>
>>     _______________________________________________
>>     Bro mailing list
>>     bro at bro-ids.org <mailto:bro at bro-ids.org>
>>     http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>     <http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160925/63813a1a/attachment.html 


More information about the Bro mailing list