[Bro] Gotchas for 2.5.5 to 2.6 (notes from the field)
Seth Hall
seth at corelight.com
Thu Dec 6 05:51:51 PST 2018
Thanks for the notes! Always helpful.
.Seth
On 5 Dec 2018, at 17:54, James Lay wrote:
> Not many. From my notes...might help someone out there. Going from
> non-bro-pkg to bro-pkg was the bulk of the excitement. Also if you've
> run bro-pkg with sudo instead of just as root you'll have to tweak out
> the config file. Try as I might to bro-pkg upgrade ja3 it did not fly,
> but an uninstall and reinstall worked. The list of packages are ones I
> use, betting folks use things other than my tiny list. Thank you.
>
> James
>
> remove current /opt/bro/lib/bro/plugins/Bro_AF_Packet
>
> update /root/.bro-pkg/config
> bro_dist = /home/home/build/bro-2.6 <- remained on old build dir even
> after config and install
>
> remove all from local.bro
> @load packages <- not this
> #@load packages/intel-seen-more/seen <- these
>
> as root:
> pip install bro-pkg
> bro-pkg refresh
> bro-pkg install bro-af_packet-plugin
> bro-pkg remove ja3
> bro-pkg install ja3
> bro-pkg upgrade domain-tld
> bro-pkg upgrade intel-seen-more
> bro-pkg load ja3
> bro-pkg load domain-tld
> bro-pkg load intel-seen-more
--
Seth Hall * Corelight, Inc * www.corelight.com
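
Added example (not part of either message above, and not Bro project code): a read-only shell check for the three leftovers James's notes list, namely the old Bro_AF_Packet plugin directory, a bro_dist still pointing at the previous build directory, and per-package @load lines in local.bro. It reads the notes as "keep the bare `@load packages`, remove active `@load packages/<name>/...` lines"; the function names and argument order are hypothetical.

```shell
#!/bin/sh
# Post-upgrade leftover check for a 2.5.5 -> 2.6 move to bro-pkg.
# Usage (paths are whatever your install uses):
#   sh check.sh <local.bro> <bro-pkg config> <expected bro_dist> <old plugin dir>

# Print active per-package "@load packages/<name>..." lines with line numbers.
# The bare "@load packages" line and commented-out lines are not reported.
stale_loads() {
    grep -nE '^[[:space:]]*@load[[:space:]]+packages/' "$1"
}

# Succeed only if bro_dist in the bro-pkg config equals the expected build dir.
# Leaves the value it found in $cfg_value for reporting.
bro_dist_ok() {
    cfg_value=$(sed -n \
        's/^[[:space:]]*bro_dist[[:space:]]*=[[:space:]]*\(.*[^[:space:]]\)[[:space:]]*$/\1/p' \
        "$1" | tail -n 1)
    [ "$cfg_value" = "$2" ]
}

# Succeed only if the previously hand-installed plugin directory is gone.
old_plugin_gone() {
    [ ! -e "$1" ]
}

# Run all three checks; return 0 when nothing is left over, 1 otherwise.
check_upgrade() {
    rc=0
    if stale_loads "$1"; then
        echo "FAIL: per-package @load lines still active in $1 (listed above)"
        rc=1
    fi
    if ! bro_dist_ok "$2" "$3"; then
        echo "FAIL: bro_dist in $2 is '$cfg_value', expected '$3'"
        rc=1
    fi
    if ! old_plugin_gone "$4"; then
        echo "FAIL: old plugin directory still present: $4"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: no leftovers found"
    fi
    return "$rc"
}

# Only run when all four paths are given, so the file can also be sourced.
if [ "$#" -eq 4 ]; then
    check_upgrade "$@"
fi
```

The script changes nothing on disk; it only reports what still needs the manual steps from the notes.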