Hi all,
After installing Bro 2.5 via rpm on RHEL 7.3 (and running bro with broctl), I no longer receive “Dropped Packets” and “Invalid_Server_Cert” email notices that I would receive almost daily when running Bro 2.4. I still receive connection summaries every hour, which is the same as 2.4. While looking into this problem, I noticed that Bro is no longer generating the notice.log or reporter.log nearly as often as it was before. I understand that it could be possible that these problems are no longer being triggered, but I find it very hard to believe that there are no dropped packets or invalid server certs anymore. A custom script that sends an email notice when Bro is started and when Bro is stopped works fine, so I’m not sure why the other alerts wouldn’t be working. Any and all help is appreciated.
Best regards,
Dan Manzo