[Bro] ActiveHTTP

Dave Crawford bro at pingtrip.com
Mon Jan 30 11:54:04 PST 2017


Thanks Jan, what version of Bro are you running and on which platform?

I have 'bro version 2.5-30', compiled from GitHub master, on Debian 8.7 and macOS 10.12.2 and both hang until I ctrl-C, and neither enters the when{} block:

macOS$ time bro -r bro_dev/Mswab_Yayih_FD1BE09E499E8E380424B3835FC973A8_2012-03.pcap b.bro
^C1330843811.964963 received termination signal

real	8m30.316s
user	1m31.343s
sys	6m58.036s


debian$ time bro -r test2.pcap b.bro
^C1330843811.964963 received termination signal

real	2m42.507s
user	1m19.328s
sys	1m23.168s

> On Jan 30, 2017, at 2:02 PM, Jan Grashöfer <jan.grashoefer at gmail.com> wrote:
> 
>> Ok, scratch that error message. The box I was testing on didn’t have curl installed. After installing curl the test script has the same behavior as when run on OS X. Works great by itself but hangs before the when{} block if passed a PCAP.
> 
> bro --pseudo-realtime -r Mswab_Yayih_FD1BE09E499E8E380424B3835FC973A8_2012-03.pcap b.bro
> 
> works for me. Takes about one and a half minutes (the PCAP covers ~5mins)
> to spit out the result.
> 
> Jan