[Bro] Bro beta install

James Lay jlay at slave-tothe-box.net
Tue Nov 20 13:55:36 PST 2018


Wow this took me forever to get back to.  Thank you...will wait a bit 
and see how the beta progresses.

James

On 2018-11-12 14:34, Jon Siwek wrote:
> On Mon, Nov 12, 2018 at 2:06 PM James Lay <jlay at slave-tothe-box.net> wrote:
>> 
>> Wow what a complete disaster this was.  Errors:
>> 
>> fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1:
>> cannot load plugin library
>> /usr/local/bro/lib/bro/plugins/packages/Bro_AF_Packet//lib/Bro-AF_Packet.linux-x86_64.so:
>> /usr/local/bro/lib/bro/plugins/packages/Bro_AF_Packet//lib/Bro-AF_Packet.linux-x86_64.so:
>> undefined symbol:
>> _ZN6plugin6Plugin12HookLoadFileERKNSt7__cxx1112basic_stringIcSt11char_traitsIcESaIcEEES8_
> 
> May need to recompile the plugin against new Bro version?
> 
>> warning in /usr/local/bro/share/bro/policy/protocols/smb/__load__.bro,
>> line 1: deprecated script loaded from
>> /usr/local/bro/share/bro/site/local.bro:98 "Use '@load
>> base/protocols/smb' instead"
> 
> It's only a warning, but you can just update local.bro as indicated.
> 
>> error in
>> /usr/local/bro/share/bro/base/bif/plugins/./Bro_SSL.events.bif.bro, line 41
>> and /usr/local/bro/share/bro/site/packages/./ja3/./ja3.bro, line 118:
>> incompatible types (event(c:connection; version:count;
>> record_version:count; possible_ts:tme; client_random:string;
>> session_id:string; ciphers:vector of count; comp_methods:vector of
>> count;) and event(c:connection; version:count; possible_ts:time;
>> client_random:string; session_id:string; ciphers:vector of count;))
> 
> This will need to be fixed in the ja3 package.  I have a PR open now:
> 
> https://github.com/salesforce/ja3/pull/27
> 
> So either wait for that to get merged and then update the local
> package or use my fork/patch directly if eager to try Bro 2.6-beta.
> 
>> and my redef line below:
>> redef Communication::listen_interface = 127.0.0.1;
>> 
>> gets me:
>> error in /usr/local/bro/share/bro/site/local.bro, line 102: "redef" used
>> but not previously defined (Communication::listen_interface)
> 
> The equivalent functionality is now:
> 
>     redef Broker::default_listen_address = "127.0.0.1";
> 
> (The underlying communication systems in Bro have been completely
> replaced with a new library called "Broker").
> 
>> reverted back to 2.5.5 now....yeesh.
> 
> There are quite a few potential incompatibilities with upcoming Bro 2.6,
> so worth seeing release notes:
> 
> https://www.bro.org/sphinx-git/install/release-notes.html
> 
> Generally a hope is that future releases minimize breakages for users,
> but there were some big fundamental changes that made it hard to avoid
> for 2.6.
> 
> Let me know if you give it another shot and have further trouble.
> 
> - Jon
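
A pre-upgrade check for the script-level breakages discussed in this message, as an added example that is not from the thread or the Bro project: it flags the two 2.5-era lines in a site script and lists which parameters the ja3 handler lacks relative to the event declared in Bro 2.6-beta. The function names and the sample local.bro are made up for illustration.

```python
import re

# Bro 2.5 -> 2.6 changes named in this thread, as (pattern, advice) pairs.
CHECKS = [
    (re.compile(r"^\s*redef\s+Communication::listen_interface\b"),
     'use: redef Broker::default_listen_address = "127.0.0.1";'),
    (re.compile(r"^\s*@load\s+policy/protocols/smb\s*$"),
     "deprecated, use: @load base/protocols/smb"),
]

def lint_site_script(text):
    """Return (line_no, advice) for each 2.5-era construct in a site script."""
    findings = []
    for num, line in enumerate(text.splitlines(), start=1):
        code = line.split("#", 1)[0]  # drop comments; fine for these patterns
        for pattern, advice in CHECKS:
            if pattern.search(code):
                findings.append((num, advice))
    return findings

def event_params(sig):
    """Parse 'event(a:T; b:U;)' into an ordered list of (name, type)."""
    body = sig[sig.index("(") + 1:sig.rindex(")")]
    parts = [p for p in body.split(";") if p.strip()]
    return [tuple(s.strip() for s in p.split(":", 1)) for p in parts]

def missing_params(declared, handler):
    """Names the core event declares that a package handler does not take."""
    have = {name for name, _ in event_params(handler)}
    return [name for name, _ in event_params(declared) if name not in have]

# Constructed sample local.bro (not James's actual file).
SAMPLE_LOCAL_BRO = """\
@load tuning/defaults
@load policy/protocols/smb
# redef Communication::listen_interface = 10.0.0.1;
redef Communication::listen_interface = 127.0.0.1;
"""
# The two signatures from the "incompatible types" error quoted above.
DECLARED = ("event(c:connection; version:count; record_version:count; "
            "possible_ts:time; client_random:string; session_id:string; "
            "ciphers:vector of count; comp_methods:vector of count;)")
HANDLER = ("event(c:connection; version:count; possible_ts:time; "
           "client_random:string; session_id:string; ciphers:vector of count;)")

if __name__ == "__main__":
    for num, advice in lint_site_script(SAMPLE_LOCAL_BRO):
        print(f"local.bro:{num}: {advice}")
    print("handler is missing:", missing_params(DECLARED, HANDLER))
```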

