I am installing on Slackware 10.2.0 (old I know) gcc version 3.3.6,
which was pretty straightforward although I have snort/libpcap etc
installed from source and a PF Ring kernel so it is far from a vanilla
Slackware. I had done a 'manual' install of Bro 1.4 prior to patching
Bro for a BroLite install, I deleted and re-installed as I felt that I
had missed a few things which did turn out to be the case e.g. the perl
reporting scripts.
On patching and running "make install-brolite" all seems good 'out of
the box' except I had to add "/usr/local/bro/site" to BROPATH in
etc/bro.cfg, from my reading I gather this is likely due to a new
location of site to share/bro/site? A suggestion, possibly a simple
'what goes where' or 'what is to be expected where' in the docs?
Peter
Peter Hart-Davis
Senior Technical Engineer: MWEB IT Security Team
Multichoice Subscriber Management services: Internet Division
Tel.: + 27 021 596 8103
Cell: + 27 083 414 7455
Fax: + 27 021 596 8381
E-mail: phartdavis@mweb.com
Registered Linux User #28564
Registered CISSP #89701
MSN: trip_tango@hotmail.com
> On patching and running "make install-brolite" all seems good 'out of
> the box' except I had to add "/usr/local/bro/site" to BROPATH in
> etc/bro.cfg, from my reading I gather this is likely due to a new
> location of site to share/bro/site?
To make sure I understand what you mean: are you saying that you had
already policy files in /usr/local/bro/site which were now not found
anymore (in which case that's ok to require a BROPATH change
because, as you note, the standard location has changed); or are you
saying that the install process puts files into /usr/local/bro/site
which were then not found (in which case it would be a bug)?
> A suggestion, possibly a simple 'what goes where' or 'what is to
> be expected where' in the docs?
Yeah, I guess that would be good, except that this fix will be
only temporary anyway so it's mostly for people already using
BroLite.
Unfortunately it put the files into /usr/local/bro/site and not into
/usr/local/bro/share/site i.e. a bug.
The 'what goes where' or 'what is to be expected where' would be for the
new layout.
Something else I have picked up since is that running site-report.pl
returns the following error: " Can't use an undefined value as a SCALAR
reference at ./site-report.pl line 1278." Any suggestions would be
appreciated.
> Something else I have picked up since is that running site-report.pl
> returns the following error: " Can't use an undefined value as a SCALAR
> reference at ./site-report.pl line 1278." Any suggestions would be
> appreciated.
Hmmm.... Don't really know where that comes from but I think it's
unrelated to the install-brolite. I've opened another ticket for
this: http://tracker.icir.org/bro/ticket/54