Hi,
I am trying to run bro on a trace file, specifically on the tcpdump file provided in the bro workshop.
url
http://www.bro-ids.org/bro-workshop-2007/exercises/exercise1.html
but I was unable to run that; it is giving me command not found.
sample of my output is
In the url
http://www.bro-ids.org/bro-workshop-2007/exercises/exercise1-solution.html
they asked to create local.bro
I created that file
Then they asked to run some analyzer
they asked to use setenv and bro -r
I used them but it is giving me command not found.
loud@1006kro:/usr/local/bro$ sudo vim local.bro
loud@1006kro:/usr/local/bro$ ls
archive etc lib logs policy scripts site var
bin include local.bro perl reports share trace1.tcpdump
loud@1006kro:/usr/local/bro$ cat local.bro
redef local_nets: set[subnet] = {
10.20.1.0/24,
};
loud@1006kro:/usr/local/bro$ sudo setenv BROPATH =
/usr/local/bro/site/:/usr/local/bro/policy/:/usr/local/bro/policy/sigs
sudo: setenv: command not found
loud@1006kro:/usr/local/bro$ setenv BROPATH =
/usr/local/bro/site/:/usr/local/bro/policy/:/usr/local/bro/policy/sigs
bash: setenv: command not found
loud@1006kro:/usr/local/bro$ bro -r trace1.tcpdump local tcp alarm wierd
bash: bro: command not found
loud@1006kro:/usr/local/bro$
Do those commands depend on the directory I am in?
In which directory do I need to run that command?
Thanks,
KM.
Setenv is the TCSH syntax for setting environment variables.
For bash, you do
BROHOME=/usr/local/bro
BROPATH=$BROHOME/site:$BROHOME/policy:$BROHOME/sigs
Also, you need to set your path to include bro
PATH=/usr/local/bro/bin:$PATH
I am sorry, I didn't get it. I am not that familiar with Linux commands.
I tried to do so but getting same output
loud@1006kro:/$ BROHOME = /usr/local/bro/
bash: BROHOME: command not found
loud@1006kro :/$ BROPATH = $/usr/local/bro/site
bash: BROPATH: command not found
loud@1006kro:/$ PATH = /usr/local/bro/bin:SPATH
bash: PATH: command not found
Thanks&Regards,
Kanthi Myneni.
On Thu, Dec 20, 2007 at 02:40:06PM -0500, kanthi myneni composed:
I am sorry, I didn't get it. I am not that familiar with Linux commands.
I tried to do so but getting same output
loud@1006kro:/ BROHOME = /usr/local/bro/
bash: BROHOME: command not found
loud@1006kro:/ BROPATH = /usr/local/bro/site
bash: BROPATH: command not found
loud@1006kro:/ PATH = /usr/local/bro/bin:SPATH
bash: PATH: command not found
No spaces, sorry
BROHOME=/usr/local/bro/
BROPATH=$BROHOME/site:$BROHOME/policy:$BROHOME/policy/sigs
PATH=/usr/local/bro/bin:$PATH
Thanks a lot for your reply.
It worked. But I am having a problem running bro. It is giving me the following error:
loud@1006kro:/usr/local/bro/bin$ sudo bro -r trace1.tcpdump local tcp alarm weird
Password:
sudo: bro: command not found
loud@1006kro:/usr/local/bro/bin$ sudo ./bro -r trace1.tcpdump local tcp alarm weird
line 1: error: can’t open bro.init
loud@1006kro:/usr/local/bro/bin$
Giving me the above error.
Thanks&Regards,
Kanthi Myneni.
The can't find "bro.init" error says the bropath is messed up
type the command: which bro
printenv BROHOME
printenv BROPATH
On Thu, Dec 20, 2007 at 04:30:22PM -0500, kanthi myneni composed:
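
Added example, not part of the original thread: a preflight check for the two failures seen above ("command not found" and "can't open bro.init"). The function names are hypothetical, the /usr/local/bro layout is taken from the thread, and the usage lines add `export`, because a plain assignment in bash is not passed to the bro process.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Assumption: Bro looks up bro.init in the directories listed in BROPATH,
# which is what the "can't open bro.init" diagnosis in the thread implies.

# find_in_bropath FILE [LIST]: print the first directory of the
# colon-separated LIST (default: $BROPATH) that contains FILE.
find_in_bropath() {
    file=$1
    rest=${2-${BROPATH-}}:
    while [ -n "$rest" ]; do
        dir=${rest%%:*}      # first entry
        rest=${rest#*:}      # remaining entries
        [ -n "$dir" ] || continue
        if [ -f "$dir/$file" ]; then
            printf '%s\n' "$dir"
            return 0
        fi
    done
    return 1
}

# is_exported NAME: succeed only if NAME is in the environment handed to
# child processes. A plain NAME=value in bash sets a shell variable only.
is_exported() {
    env | grep "^$1=" >/dev/null
}

# bro_preflight: report every problem found, return non-zero if any.
bro_preflight() {
    status=0
    command -v bro >/dev/null 2>&1 ||
        { echo "bro is not on PATH"; status=1; }
    is_exported BROPATH ||
        { echo "BROPATH is not exported (use: export BROPATH)"; status=1; }
    find_in_bropath bro.init >/dev/null ||
        { echo "bro.init not found in BROPATH=${BROPATH-}"; status=1; }
    return "$status"
}

# Usage in bash (no spaces around '='; paths as given in the thread):
#   export BROHOME=/usr/local/bro
#   export BROPATH=$BROHOME/site:$BROHOME/policy:$BROHOME/policy/sigs
#   export PATH=$BROHOME/bin:$PATH
#   bro_preflight && bro -r trace1.tcpdump local tcp alarm weird
# sudo commonly resets the environment, so variables exported here may
# not reach a bro started with sudo.
```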