can't compile BRO policy

Hi,

we are 3 students of University of Milan (DTI - Crema): Paolo Tironi, Paolo Bettini and Matteo Morato.

We study for a project on Bro IDS.

We install BRO only running ./configure and make, and then we setted
$ pwd
/home/christian/devel/bro
$ echo $BROPATH
/home/christian/devel/bro/policy:/home/christian/devel/bro/policy/sigs

Next, we setted the BRO_DNS_FAKE environment variable.

Finally we runned BRO: $ ./src/bro -r trace1.tcpdump tcp scan alarm weird.

We have some problems:

bt bin # bro -r trace1.tcpdump tcp scan alarm weird dns
/usr/local/bro/policy/bro.init, line 1: warning: problem initializing NB-DNS: connect(200.3.200.5): Network is unreachable
/usr/local/bro/policy/dns.bro, line 123: run-time error: error compiling pattern /^?.([0-9]+.[0-9]+.[0-9]+.[0-9]+.in-addr.arpa)/
/usr/local/bro/policy/dns.bro, line 179: run-time error: error compiling pattern /^?.(.)/
/usr/local/bro/policy/dns.bro, line 557: run-time error: error compiling pattern /^?.(?(PTR|*.in-addr).)/
/usr/local/bro/policy/dns.bro, line 571: run-time error: error compiling pattern /^?.(?(PTR|*.in-addr).)/
line 1: warning: event handlers never invoked:
line 1: warning: account_tried

Is there anybody who can help me?

There's a fix for this described at

     http://www.bro-ids.org/wiki/index.php/"Error_compiling_pattern"

Does that solve the problem?

Robin

We don’t find these files…but we have anyway the problem.

Paolo
Matteo
Paolo

2008/7/11 Robin Sommer <robin@icir.org>: