Hi !
I don’t understand why Bro didn’t work,could you help me ?
Ubuntu@Ubuntu:~/bro-2.4.1$ sudo /opt/bro/bin/broctl
Warning: state database needs updating (run the broctl “deploy” command)
Welcome to BroControl 1.4
Type “help” for help.
[BroControl] > install
removing old policies in /opt/bro/spool/installed-scripts-do-not-touch/site …
removing old policies in /opt/bro/spool/installed-scripts-do-not-touch/auto …
creating policy directories …
installing site policies …
generating standalone-layout.bro …
generating local-networks.bro …
generating broctl-config.bro …
generating broctl-config.sh …
updating nodes …
Host key verification failed.
Error: cannot create (some of the) directories /opt/bro,/var/log/bro,/opt/bro/spool,/opt/bro/spool/tmp on node bro
|
I’ve installed Bro from tar.gz with :
Ubuntu@Ubuntu:~/bro-2.4.1$ ./configure --prefix=/opt/bro --logdir=/var/log/bro
Ubuntu@Ubuntu:~/bro-2.4.1$ make
Ubuntu@Ubuntu:~/bro-2.4.1$ sudo make install
And my conf is :
networks.cfg
W.W.W.W/24 Private IP space
Y.Y.Y.Y/24 Private IP space
nodes.cfg
[bro]
type=standalone
host=localhost
interface=eth1
Thank you for your help,
Regards,
Maxime Lambert
In BroControl, what is the output of the "nodes" command?
Also, what is the output of the "status" command?
Did you try unsetting the LANG variable?
sudo LANG= /opt/bro/bin/broctl
(mind the blank after the "=".)
Best regards,
Sven
This issue was fixed a long time ago, but I just remembered that
the fix was not included in the Bro 2.4.1 release. It will be
included in the next release, however.
Hi Daniel,
That's :
[BroControl] > nodes
bro - addr=::1 aux_scripts= brobase= count=1 env_vars= ether= host=localhost interface=eth1 lb_interfaces= lb_method= lb_procs= name=bro pin_cpus= test_mykey= type=standalone zone_id=
And :
[BroControl] > status
Getting process status ...
Getting peer status ...
Name Type Host Status Pid Peers Started
bro standalone localhost stopped
Best regards,
Maxime Lambert
----- Mail original -----
Hi Sven,
That's the result :
Ubuntu@Ubuntu:~$ sudo LANG= /opt/bro/bin/broctl
Warning: state database needs updating (run the broctl "deploy" command)
Welcome to BroControl 1.4
Type "help" for help.
[BroControl] > deploy
checking configurations ...
installing ...
removing old policies in /opt/bro/spool/installed-scripts-do-not-touch/site ...
removing old policies in /opt/bro/spool/installed-scripts-do-not-touch/auto ...
creating policy directories ...
installing site policies ...
generating standalone-layout.bro ...
generating local-networks.bro ...
generating broctl-config.bro ...
generating broctl-config.sh ...
updating nodes ...
stopping ...
bro not running
starting ...
starting bro ...
bro terminated immediately after starting; check output with "diag"
[BroControl] > status
Getting process status ...
Getting peer status ...
Name Type Host Status Pid Peers Started
bro standalone localhost crashed
Best regards,
Maxime Lambert
----- Mail original -----
Sorry, I forget :
After the sudo LANG= ... command :
[BroControl] > diag
[bro]
Bro 2.4.1
Linux 4.4.0-21-generic
No gdb installed.
==== No reporter.log
==== stderr.log
fatal error: problem with interface eth1 (eth1: SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: No such device)
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i eth1 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local. bro broctl broctl/standalone broctl/auto
==== .env_vars
PATH=/opt/bro/bin:/opt/bro/share/broctl/scripts:/usr/local/sbin:/usr/local/bin:/ usr/sbin:/usr/bin:/sbin:/bin:/opt/bro/bin
BROPATH=/opt/bro/spool/installed-scripts-do-not-touch/site::/opt/bro/spool/insta lled-scripts-do-not-touch/auto:/opt/bro/share/bro:/opt/bro/share/bro/policy:/opt /bro/share/bro/site
CLUSTER_NODE=
==== .status
TERMINATED [atexit]
==== No prof.log
==== No packet_filter.log
==== No loaded_scripts.log
Gest regards,
Maxime Lambert
----- Mail original -----
You have 'interface=eth1' in your node.cfg but you don't actually have an eth1 interface.
Hi everyone,
Mistake, from my interface !
And thanks to sudo LANG= /opt/bro/bin/broctl all is OK !
Thanks you very much !
Best regards,
Maxime Lambert
----- Mail original -----