[Bro] Running Bro on Alpine

Mike M turbidtarantula at gmail.com
Tue Sep 18 11:23:40 PDT 2018


Daniel,

Thanks for the help. I rebuilt bro with those patches (although they look
identical to the ones I referenced earlier), making sure to grab all the
dependencies listed in the docker file.

I'm still seeing broctl report that bro crashed. However, what I failed to
notice before is that there are actually several bro processes running and
bro is still producing logs even when broctl reports it has crashed.

I suppose I could roll my own scripts to start and stop bro, but I'd prefer
to actually get broctl working on alpine. Any ideas as to why it's
reporting inaccurate information?

thanks,
Mike

On Tue, Sep 18, 2018 at 11:47 AM Daniel Guerra <daniel.guerra69 at gmail.com>
wrote:

> Check out
>
>
> For alpine linux you need some patches
>
> https://github.com/blacktop/docker-bro/tree/master/2.5
>
>
> Regards,
>
>
> Daniel
> On 18/09/2018 at 17:18, Mike M wrote:
>
> Hello,
>
> I’m trying to compile and run Bro on Alpine Linux and I’m having an issue
> with broctl crashing.
>
> Out of the box running ./configure and make using the bro 2.5.5 source I
> get a bunch of errors like “'u_char' does not name a type” [1].
>
> I found this project for compiling Bro on Alpine [2]. The build-bro.sh
> script includes two patch files and a cmake file [3]. Manually applying
> those three files gets Bro to the point where it compiles successfully.
>
> Bro will run fine from the command line, but running broctl it crashes
> almost immediately [4]. Broctl reports Bro as crashed, but it briefly
> produces all the log files I'd expect (conn, dns, etc). There's nothing
> useful in the stdout, stderr or reporter logs.
>
> I built bro with --enable-debug, I've got gdb installed, and I set "ulimit
> -c unlimited" but I don't see a crash dump anywhere.
>
> In the absence of any error messages I'm unsure on how to proceed. Can
> anyone recommend next steps?
>
> thanks,
> Mike
>
> [1] see compile error.txt (attached)
> [2] https://github.com/danielguerra69/docker-bro-1
> [3] https://github.com/danielguerra69/docker-bro-1/tree/master/source
> [4] see broctl crash.txt (attached)
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
>