[Bro] Bro beta install

Jon Siwek jsiwek at corelight.com
Mon Nov 12 13:34:51 PST 2018


On Mon, Nov 12, 2018 at 2:06 PM James Lay <jlay at slave-tothe-box.net> wrote:
>
> Wow what a complete disaster this was.  Errors:
>
> fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1:
> cannot load plugin library
> /usr/local/bro/lib/bro/plugins/packages/Bro_AF_Packet//lib/Bro-AF_Packet.linux-x86_64.so:
> /usr/local/bro/lib/bro/plugins/packages/Bro_AF_Packet//lib/Bro-AF_Packet.linux-x86_64.so:
> undefined symbol:
> _ZN6plugin6Plugin12HookLoadFileERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_

May need to recompile the plugin against new Bro version?

> warning in /usr/local/bro/share/bro/policy/protocols/smb/__load__.bro,
> line 1: deprecated script loaded from
> /usr/local/bro/share/bro/site/local.bro:98 "Use '@load
> base/protocols/smb' instead"

It's only a warning, but you can just update local.bro as indicated.

> error in
> /usr/local/bro/share/bro/base/bif/plugins/./Bro_SSL.events.bif.bro, line
> 41 and /usr/local/bro/share/bro/site/packages/./ja3/./ja3.bro, line 118:
> incompatible types (event(c:connection; version:count;
> record_version:count; possible_ts:tme; client_random:string;
> session_id:string; ciphers:vector of count; comp_methods:vector of
> count;) and event(c:connection; version:count; possible_ts:time;
> client_random:string; session_id:string; ciphers:vector of count;))

This will need to be fixed in the ja3 package.  I have a PR open now:

https://github.com/salesforce/ja3/pull/27

So either wait for that to get merged and then update the local
package or use my fork/patch directly if eager to try Bro 2.6-beta.

> and my redef line below:
> redef Communication::listen_interface = 127.0.0.1;
>
> gets me:
> error in /usr/local/bro/share/bro/site/local.bro, line 102: "redef" used
> but not previously defined (Communication::listen_interface)

The equivalent functionality is now:

    redef Broker::default_listen_address = "127.0.0.1";

(The underlying communication systems in Bro have been completely
replaced with a new library called "Broker").

> reverted back to 2.5.5 now....yeesh.

There's quite a few potential incompatibilities with upcoming Bro 2.6,
so worth seeing release notes:

https://www.bro.org/sphinx-git/install/release-notes.html

Generally a hope is that future releases minimize breakages for users,
but there were some big fundamental changes that made it hard to avoid
for 2.6.

Let me know if you give it another shot and have further trouble.

- Jon
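
The two local.bro changes named in the reply above can be applied mechanically. The following is an added example, not code from either poster or from the Bro project. It assumes the deprecated script was loaded with a line of the form `@load policy/protocols/smb` (inferred from the path in the warning); `migrate` and the sample file contents are hypothetical.

```python
import re

# Bro 2.5 -> 2.6 rewrites taken from the replies in this thread.
# Old option took a bare addr literal; the Broker option takes a string.
LISTEN_RE = re.compile(
    r'^(\s*)redef\s+Communication::listen_interface\s*=\s*"?([^\s;"]+)"?\s*;(.*)$')
# Assumed form of the deprecated load line (see lead-in).
SMB_RE = re.compile(r'^(\s*)@load\s+policy/protocols/smb(\s*(?:#.*)?)$')


def migrate(text):
    """Return (rewritten_text, notes); notes are (line_number, description)."""
    out, notes = [], []
    for n, line in enumerate(text.splitlines(), 1):
        m = LISTEN_RE.match(line)
        if m:
            indent, addr, rest = m.groups()
            line = f'{indent}redef Broker::default_listen_address = "{addr}";{rest}'
            notes.append((n, "Communication::listen_interface -> "
                             "Broker::default_listen_address"))
        else:
            m = SMB_RE.match(line)
            if m:
                line = f"{m.group(1)}@load base/protocols/smb{m.group(2)}"
                notes.append((n, "policy/protocols/smb -> base/protocols/smb"))
        out.append(line)  # commented-out lines never match and pass through
    return "\n".join(out) + "\n", notes


# Constructed sample of a 2.5-era local.bro, not taken from the thread.
SAMPLE = """\
@load tuning/defaults
@load policy/protocols/smb
# redef Communication::listen_interface = 0.0.0.0;
redef Communication::listen_interface = 127.0.0.1;
"""

if __name__ == "__main__":
    new_text, notes = migrate(SAMPLE)
    for lineno, what in notes:
        print(f"line {lineno}: {what}")
    print(new_text, end="")
```
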

