[Bro] Gotchas for 2.5.5 to 2.6 (notes from the field)
James Lay
jlay at slave-tothe-box.net
Wed Dec 5 14:54:44 PST 2018
Not many. From my notes...might help someone out there. Going from
non-bro-pkg to bro-pkg was the bulk of the excitement. Also if you've
run bro-pkg with sudo instead of just as root you'll have to tweak out
the config file. Try as I might to bro-pkg upgrade ja3 it did not fly,
but an uninstall and reinstall worked. The list of packages are ones I
use, betting folks use things other than my tiny list. Thank you.
James

remove current /opt/bro/lib/bro/plugins/Bro_AF_Packet

update /root/.bro-pkg/config
    bro_dist = /home/home/build/bro-2.6   <- remained on old build dir even after config and install

remove all from local.bro
    @load packages   <- not this
    #@load packages/intel-seen-more/seen   <- these

as root:
    pip install bro-pkg
    bro-pkg refresh
    bro-pkg install bro-af_packet-plugin
    bro-pkg remove ja3
    bro-pkg install ja3
    bro-pkg upgrade domain-tld
    bro-pkg upgrade intel-seen-more
    bro-pkg load ja3
    bro-pkg load domain-tld
    bro-pkg load intel-seen-more