bro-1.2.1 is now running on a 4.0-release openbsd machine here (thx j-p!) and
generating logs, however i got an empty report email this morning. i mean empty
as in there was no body to the email i received.

when i installed bro, i had to manually add the bro user and change ownership of
some of the directories in its install directory:

# ls -al /usr/local/bro
total 68
drwxr-xr-x 15 root wheel 512 Jan 30 20:05 .
drwxr-xr-x 15 root wheel 512 Jan 30 19:52 ..
drwxr-xr-x 2 bro wheel 512 Jan 30 19:52 archive
drwxr-xr-x 2 root wheel 512 Jan 30 20:02 bin
drwxr-xr-x 2 root wheel 512 Jan 30 20:10 etc
drwxr-xr-x 2 root wheel 512 Jan 30 20:00 include
drwxr-xr-x 2 root wheel 512 Jan 30 20:00 lib
drwxr-xr-x 3 bro wheel 3584 Jan 31 03:00 logs
drwxr-xr-x 4 root wheel 512 Jan 30 20:05 perl
drwxr-xr-x 3 root wheel 4096 Jan 30 20:05 policy
drwxr-xr-x 2 bro wheel 512 Jan 30 19:52 reports
drwxr-xr-x 2 root wheel 512 Jan 30 20:05 scripts
drwxr-xr-x 4 root wheel 512 Jan 30 19:52 share
drwxr-xr-x 2 root wheel 512 Jan 30 20:05 site
drwxr-xr-x 2 bro wheel 512 Jan 30 21:07 var

perhaps this has something to do with the empty report? i've looked through the
system logs and cannot find anything indicating why the report was not generated.
cluesticking appreciated.

cheers,
jake