I have just set up Bro and am getting acquainted with Bro. Bro feels very good and the information that can be gathered with Bro is impressive.
I have one issue, though, that is simple and easy, but I haven't had the time to figure it out.
I am receiving these connection summary emails via the Bro cron feature. The mail, however, complains about the time command that cannot be found:
[Bro] Connection summary from 16:00:00-17:00:00
nice: which:: No such file or directory
The time command is used by broctl to time how long it takes to
generate a connection summary report (the output of the time
command is visible at the end of each connection summary report).
There is currently a bug in broctl that prevents connection summary
reports from being generated if the time command is not available
(this bug should be fixed in the next release).
On RHEL5 and RHEL6, the "time" command is contained in the "time" rpm.
So, to fix this, you could install the "time" rpm, then do
a "broctl install" to update the broctl configuration so that
it knows where the time command is located. If you are unable
to install "time", then an alternative solution is to patch
the broctl source so that connection summary reports can be
generated whether or not "time" is installed (let me know if
you want instructions on how to do this).