I am working through section 3 of the binpac++ documentation to
understand binpac++ analyzers are integrated into Bro.
(I'm running the HILTI/Binpac++ docker image, under Centos7.)
I am getting an error when confirming the binpac++ plugin is present:
root@df5e8fd99740:~# export BRO_PLUGIN_PATH=/opt/hilti/build/bro
root@df5e8fd99740:~# bro -NN ssh.evt
fatal error in /usr/local/bro/share/bro/base/init-bare.bro, line 1:
cannot load plugin library
/opt/hilti/build/bro//lib/Bro-Hilti.linux-x86_64.so:
/opt/hilti/build/bro//lib/Bro-Hilti.linux-x86_64.so: undefined symbol:
_ZN6plugin6Plugin11MetaHookPreENS_8HookTypeERKNSt3__14listINS_12HookArgumentENS2_9allocatorIS4_EEEE
Perhaps I have set the BRO_PLUGIN_PATH incorrectly?
- Troy
robin
2
Oh, there's actually a problem in the Docker file I believe. I'll see
that I get that fixed.
Robin
Hello,
I encounter the same problem when I try to reproduce the “BinPAC++ Demo”.
I use bro 2.4-beta6 compiled from last revision sources.
Also I compiled Hilti from sources using the
Robin, Troy, have you found a solution on this problem that I could apply on a non docker context?
Thanks,
Bruno.
robin
4
I was hoping it's fixed now, both inside and outside of Docker. Are you
using the most recent HILTI/BinPAC++ version?
The Docker image now seems to be working for folks.
Robin
Hello Robin,
Thanks for your answer.
In fact I have used the http://github.org/rsmmr/install-clang script, so I’m afraid it is not the last HILTI sources.
I will try with the last HILTI sources if you say it is fixed on them.