DNS

I have experienced a similar problem before when using bro on linux (Do
so at your own peril better to use *BSD). If the box your using it on is
a router and there is no internet connectivity. This happens because bro
needs to be able to resolve several host names present in the .bro files
(if there unmodified)
line 33 of hot calls for the resolution of ns.lbl.gov for instance. The
resolution to this is to customize the .bro files for your site, the
values in the .bro files are place holders (that was the intention
right?) so that you can change the value to something site specific.

Thanks for the tip. Yes, the intention is that all the hostnames in
the .bro files are place holders, to illustrate how you might use the
various policy tables.

On a somewhat related subject Mr. Paxon if you have finished the user
manual I would be very interested in seeing it.

I haven't, but keep those letters coming, the thought that people are
interested in reading it does indeed help squeeze out the cycles for
working on it.

    Vern