Hui Lin_Problem to run simple Bro-pipe

Hi,

I think Bro-pipe is a special Broccoli client. So I am trying to run Bro-pipe to see its effect. I can run it in an older version of Bro (1.5) based on the 2009 workshop exercise. But when I follow the same steps and run it in Bro (1.6), nothing shows up. I observe two situations:

  1. Directly run the Bro binary without indicating an interface
    If I run Bro through the command `/usr/local/bro/bin/bro *.bro` (without indicating an interface):
    In Bro 1.5, after executing this command, Bro will continue execution.
    But in Bro 1.6, Bro will terminate immediately. Is that the right phenomenon?

  2. Run bro-pipe to send an event to the Bro instance
    In Bro 1.5, I just first run the command
    `/usr/local/bro/bin/bro *.bro` (let Bro run)
    and run bro-pipe
    `/usr/local/bro/bin/bropipe host=127.0.0.1:47757 -f *.bro-pipe`
    And Bro can detect the event.

    But in Bro 1.6, I need to run the command
    `/usr/local/bro/bin/bro -i eth0 *.bro` (let Bro run)
    and run bro-pipe
    `/usr/local/bro/bin/bropipe host=127.0.0.1:47757 -f *.bro-pipe` (I also tried port 47758)
    But Bro-pipe just sticks there and there is not even a warning such as “could not connect Bro at …”. Bro does not detect any event.

So how can I run Bro-pipe in Bro 1.6?

I haven't tried to build bro-pipe lately, but in your tests, did you compile separate versions to use against the Bro 1.6 and Bro 1.5 binaries? The communication protocol or at least serialization scheme I think maybe changed between versions and might cause trouble?

- Jon

Bro 1.5 is actually installed on Ubuntu Hardy (8.04), a kind of old version.

Bro 1.6 is from git and installed on Ubuntu Lucid (10.04).

For the current version of Bro, how can I make it continue running either in the foreground or background? And does Bro in this version listen on port 47785?

I am taking a look at the Broccoli C API right now; I hope the Broccoli manual can solve some of my confusion.

> Bro 1.5 is actually installed on Ubuntu Hardy (8.04), a kind of old version.
>
> Bro 1.6 is from git and installed on Ubuntu Lucid (10.04).

I meant make sure that you compile different bro-pipes when you try to talk to the different bros?

> For the current version of Bro, how can I make it continue running either in the foreground or background? And does Bro in this version listen on port 47785?

Try `bro frameworks/communication/listen` and it should listen on 47757.

- Jon

Directly running this command in the shell? Where is this “frameworks/communication/listen”?

> Directly running this command in the shell?

Yes.

> Where is this “frameworks/communication/listen”?

That's shorthand, but the actual script is in `scripts/policy/frameworks/communication/listen.bro` (within the Bro source tree).

- Jon

That is weird, I don’t have a scripts directory in my Bro source package. And I also could find “listen.bro” both in the Bro source package as well as Bro’s installation directory.

You're working from a local clone of the git repository? Have you updated it lately with the commands:

`git checkout master && git pull && git submodule update --recursive --init` ?

And if you were working from a branch, you can check it back out and merge the newly updated master branch into it. Remember to also rebuild afterwards if anything needed updating.

- Jon