Hello Bro developers and users,
I’m new to Bro but I’m thinking about using it in my thesis research. So far the installation of 1.3.2 and 1.2.1 has gone well.
As a test I ran bro against trace1.tcpdump and buffer-overflow-attack.tcpdump which worked fine. Next I created a tcpdump file using tcpdump -w test.out. Tcpdump captured several packets. When bro is ran against this file it kicks out an error:
command given: bro -r test.out tcp
error returned:
line 1: warning: event handlers never invoked:
line 1: warning: account_tried
Is there a trick to creating the tcpdump files?
Running FreeBSD 6.2 with libpcap 0.97
Used root for all commands.
$PATH is updated with /usr/local/bro/bin
setenv BROPATH /usr/local/bro/policy:/usr/local/bro/site
setenv BRO_DNS_FAKE 1
Any explanation you can share about this error would be great.
Thanks.
v/r
Thomas Tenhunen
Naval Postgraduate School
Code 368-SFS
ttenhune@nps.edu