Hi,
I think Bro-pipe is a special Broccoli client, so I am trying to run Bro-pipe to see its effect. I can run it in an older version of Bro (1.5) based on the 2009 workshop exercise. But when I follow the same steps and run it in Bro (1.6), nothing shows up. I observe two situations:
- Directly running the Bro binary without indicating an interface
If I run Bro through the command `/usr/local/bro/bin/bro *.bro` (without indicating an interface):
In Bro 1.5, after executing this command, Bro will continue execution.
But in Bro 1.6, Bro will terminate immediately. Is that the right phenomenon?
- Running bro-pipe to send an event to the Bro instance
In Bro 1.5, I just first run the command
`/usr/local/bro/bin/bro *.bro` (let Bro run)
and run bro-pipe
`/usr/local/bro/bin/bropipe host=127.0.0.1:47757 -f *.bro-pipe`
And Bro can detect the event.
But in Bro 1.6, I need to run the command
`/usr/local/bro/bin/bro -i eth0 *.bro` (let Bro run)
and run bro-pipe
`/usr/local/bro/bin/bropipe host=127.0.0.1:47757 -f *.bro-pipe` (I also tried port 47758)
But Bro-pipe just sticks there and there is not even a warning such as “could not connect Bro at …”. Bro does not detect any event.
So how can I run Bro-pipe in Bro 1.6?
I haven't tried to build bro-pipe lately, but in your tests, did you compile separate versions to use against the Bro 1.6 and Bro 1.5 binaries? The communication protocol, or at least the serialization scheme, I think may have changed between versions and might cause trouble?
- Jon
Bro 1.5 is actually installed on Ubuntu Hardy (8.04), a kind of old version.
Bro 1.6 is from git and installed on Ubuntu Lucid (10.04).
For the current version of Bro, how can I make it continue running either in the foreground or background? And does Bro in this version listen on port 47785?
I am taking a look at the Broccoli C API right now; I hope the Broccoli manual can solve some of my confusion.
> Bro 1.5 is actually installed on Ubuntu Hardy (8.04), a kind of old version.
> Bro 1.6 is from git and installed on Ubuntu Lucid (10.04).
I meant make sure that you compile different bro-pipes when you try to talk to the different bros?
> For the current version of Bro, how can I make it continue running either in the foreground or background? And does Bro in this version listen on port 47785?
Try `bro frameworks/communication/listen` and it should listen on 47757.
- Jon
Directly running this command in the shell? Where is this “frameworks/communication/listen”?
> Directly running this command in the shell?
Yes.
> Where is this “frameworks/communication/listen”?
That's shorthand, but the actual script is in scripts/policy/frameworks/communication/listen.bro (within the Bro source tree).
- Jon
That is weird, I don’t have a scripts directory in my Bro source package. And I also could find “listen.bro” both in the Bro source package as well as Bro’s installation directory.
You're working from a local clone of the git repository? Have you updated it lately with the commands:
`git checkout master && git pull && git submodule update --recursive --init` ?
And if you were working from a branch, you can check it back out and merge the newly updated master branch into it. Remember to also rebuild afterwards if anything needed updating.
- Jon