[Bro] Query Regarding bro-osquery - Broker error
Sumana Tirumala
sumana at polylogyx.com
Sun Mar 18 23:23:50 PDT 2018
Hi,
I am trying to use bro-osquery integration from
https://github.com/iBigQ/osquery-plugin-bro.
I have followed the steps mentioned in the link correctly, but I am
unable to start osqueryd.
Following are the errors:
I0319 11:50:44.819684 29705 broker_manager.cpp:274] Connecting to Bro localhost:47760
W0319 11:50:44.823487 29705 broker_manager.cpp:351] Broker error:4, error(4, 'broker', (invalid-node, *localhost:47760, "remote endpoint unavailable"))
W0319 11:50:44.823573 29705 broker_manager.cpp:254] Retrying to connect to Bro...
In the netstat output I am able to see the connection getting established:
bro-osquery@bro-osquery:~/osquery$ netstat -na | grep '47760'
tcp        0      0 0.0.0.0:47760    0.0.0.0:*    LISTEN
tcp6       0      0 :::47760         :::*         LISTEN
tcp6       0      0 ::1:47760        ::1:58498    ESTABLISHED
tcp6     144      0 ::1:58498        ::1:47760    ESTABLISHED
In the external/osquery-plugin-bro/install/osquery.conf, I have the
configuration as
// The IP and port of the Bro endpoint.
"custom_bro_ip": "localhost",
"custom_bro_port": "47760",
This setup is on Debian9. Any kind of help would be appreciated.
Regards
Sumana