problem installing bro on ubuntu 10.04

Have you looked closely at the configure output? It tends to indicate
what items are not found and from there make additions to the system
to fill in the missing pieces.

rajasekhar reddy made the following keystrokes:

Hi
Thanks to everyone…
I am new to Linux and I need Bro to be installed on my lap to work on my project on network security.

AND THIS IS WHAT I GOT WHEN I CONFIGURE IT

raj@ubuntu:~/Desktop/bro-1.5.2$ ./configure --prefix=/path/to/bro
checking build system type… x86_64-unknown-linux-gnu
checking host system type… x86_64-unknown-linux-gnu
checking target system type… x86_64-unknown-linux-gnu
checking for a BSD-compatible install… /usr/bin/install -c
checking whether build environment is sane… yes
checking for a thread-safe mkdir -p… /bin/mkdir -p
checking for gawk… gawk
checking whether make sets $(MAKE)… yes
checking for gcc… gcc
checking for C compiler default output file name… a.out
checking whether the C compiler works… yes
checking whether we are cross compiling… no
checking for suffix of executables…
checking for suffix of object files… o
checking whether we are using the GNU C compiler… yes
checking whether gcc accepts -g… yes
checking for gcc option to accept ISO C89… none needed
checking for style of include used by make… GNU
checking dependency style of gcc… gcc3
checking for flex… flex
checking lex output file root… lex.yy
checking lex library… -lfl
checking whether yytext is a pointer… yes
checking for bison… bison -y
checking for g++… g++
checking whether we are using the GNU C++ compiler… yes
checking whether g++ accepts -g… yes
checking dependency style of g++… gcc3
checking for a BSD-compatible install… /usr/bin/install -c
checking whether make sets $(MAKE)… (cached) yes
checking for ranlib… ranlib
checking for gzip… gzip
checking how to run the C preprocessor… gcc -E
checking for grep that handles long lines and -e… /bin/grep
checking for egrep… /bin/grep -E
checking for ANSI C header files… yes
checking for sys/types.h… yes
checking for sys/stat.h… yes
checking for stdlib.h… yes
checking for string.h… yes
checking for memory.h… yes
checking for strings.h… yes
checking for inttypes.h… yes
checking for stdint.h… yes
checking for unistd.h… yes
checking stdio.h usability… yes
checking stdio.h presence… yes
checking for stdio.h… yes
checking for stdio.h… (cached) yes
checking for stdio.h… (cached) yes
checking for OPENSSL_add_all_algorithms_conf in -lcrypto… yes
checking for SSL_new in -lssl… yes
checking whether OPENSSL_add_all_algorithms_conf is declared… yes
checking for OpenSSL >= 0.9.7… yes
checking whether d2i_X509() uses a const unsigned char**… yes
checking for perl5… no
checking for perl… /usr/bin/perl
checking for chown… /bin/chown
checking Linux kernel version… 2
checking for special C compiler options needed for large files… no
checking for _FILE_OFFSET_BITS value needed for large files… no
checking for ANSI C header files… (cached) yes
checking return type of signal handlers… void
checking for sigset… yes
checking for int32_t using gcc… yes
checking for u_int32_t using gcc… yes
checking for u_int16_t using gcc… yes
checking for u_int8_t using gcc… yes
checking whether time.h and sys/time.h may both be included… yes
checking for memory.h… (cached) yes
checking netinet/in.h usability… yes
checking netinet/in.h presence… yes
checking for netinet/in.h… yes
checking socket.h usability… no
checking socket.h presence… no
checking for socket.h… no
checking getopt.h usability… yes
checking getopt.h presence… yes
checking for getopt.h… yes
checking for net/ethernet.h… yes
checking for netinet/ether.h… yes
checking for netinet/if_ether.h… yes
checking for sys/ethernet.h… no
checking for netinet/ip6.h… yes
checking for socklen_t… yes
checking if syslog returns int… no
checking if we should declare socket and friends… no
checking for gethostbyname… yes
checking for socket… yes
checking for putmsg in -lstr… no
checking for local pcap library… /home/raj/Desktop/libpcap-1.1.1/libpcap.a
checking for pcap_freecode in -lpcap… yes
checking for pcap headers… /usr/include
checking if pcap_compile_nopcap needs error parameter… not needed
checking pcap-int.h usability… yes
checking pcap-int.h presence… yes
checking for pcap-int.h… yes
checking for bpf_set_bufsize… no
checking for pcap_version in libpcap… yes
checking for main in -lpcap… yes
checking if char_traits defines all methods… yes
checking for ns_msg… yes
checking for ns_inittab/res_mkquery with resolver ‘none’… no
checking for ns_inittab/res_mkquery with resolver ‘-lresolv’… yes
configure: Nonblocking DNS enabled.
checking for working memcmp… yes
checking for strftime… yes
checking for strerror… yes
checking for strsep… yes
checking for strcasestr… yes
checking for mallinfo… yes
checking for getopt_long… yes
checking for library containing inet_aton… none required
checking for deflatePrime in -lz… yes
checking magic.h usability… yes
checking magic.h presence… yes
checking for magic.h… yes
checking for magic_open in -lmagic… yes
checking GeoIPCity.h usability… yes
checking GeoIPCity.h presence… yes
checking for GeoIPCity.h… yes
checking for GeoIP_open_type in -lGeoIP… yes
checking for tgetnum in -ltermcap… yes
checking termcap.h usability… yes
checking termcap.h presence… yes
checking for termcap.h… yes
checking term.h usability… yes
checking term.h presence… yes
checking for term.h… yes
yes
checking readline/readline.h usability… no
checking readline/readline.h presence… no
checking for readline/readline.h… no
checking readline/history.h usability… no
checking readline/history.h presence… no
checking for readline/history.h… no
checking for using_history in -lreadline… no
checking whether byte ordering is bigendian… no
checking for union semun… no
checking for struct sembuf… yes
checking for struct sockaddr_in.sin_len… no
checking for long long… yes
checking size of long long… 8
checking for long int… yes
checking size of long int… 8
checking for void *… yes
checking size of void *… 8
checking Linux kernel version support selectable fds… 2.6 is ok
checking for dag_open in -ldag… no
checking pcap.h usability… yes
checking pcap.h presence… yes
checking for pcap.h… yes
checking for python… /usr/bin/python
checking for Python >= 2.4… yes
checking for python-config… yes
=== configuring in aux/broctl
Created Makefile.
Created bin/broctl.
Created bin/make-wrapper.

Bro Control Configuration Summary

Rajasekhar,

The configure/build output looked pretty "normal" (error-free) to me, but when/if you go to execute `make install`...

raj@ubuntu:~/Desktop/bro-1.5.2$ ./configure --prefix=/path/to/bro

that installation prefix (/path/to/bro) is probably not what you want.

- Jon

Hi,
thanks for the reply, now I managed to install Bro…

But again I got a problem running Bro IDS… can anyone please let me know how to run Bro on the command line on Ubuntu 10.04?

Thanks & regards

Hi

Can anyone please help me to run Bro IDS? I really need it.

Please
Thanks & Regards
Rajasekhar

Hi, when I tried to run Bro IDS I am getting this error. Did I make any mistake…

root@ubuntu:/usr/local/bro/etc# bro.rc start

bro.rc: command not found

root@ubuntu:/usr/local/bro/etc#

Thanks & Regards

You might be missing “.” from your path. What happens when you issue the command “/usr/local/bro/etc/bro.rc start”?

Sridhar

I tried that as well; I am getting the same thing, command not found.
Regards

Do “/bin/sh -x /usr/local/bro/etc/bro.rc start” and see what is happening.

Sridhar

Apologies for the documentation being so out of date, but the bro.rc has not been included in the 1.5 release. If you want to just run Bro as a normal program, you can run the bro binary directly. If you want to run it as a daemon watching live traffic you will likely want to run it with BroControl. Here are some docs for installing and running Bro with BroControl:

http://svn.icir.org/bro/releases/release_1_5/bro/aux/broctl/README.html

  .Seth

Hi guys, thanks for your concern.

I found something to work on Bro IDS…

Can anyone tell me how to do these steps in the configuration of Bro IDS?

  • The installation installs three configuration files which you should edit:

    • etc/broctl.cfg is the overall BroControl configuration. Initially, you probably only need to edit the email address for mails sent by the framework; that’s the MailTo line.

    • In etc/nodes.cfg, you need to specify the network interface Bro is to monitor; that’s the interface line.

    • In etc/networks.cfg, list all the networks which Bro should consider as local to the monitored environment.

Thanks in advance

Rajasekhar

Hi guys, thanks for your concern.
Please, I am very new to Linux, can anyone please help me?

I found something to work on Bro IDS…

Can anyone tell me how to do these steps in the configuration of Bro IDS?

  • The installation installs three configuration files which you should edit:

    • etc/broctl.cfg is the overall BroControl configuration. Initially, you probably only need to edit the email address for mails sent by the framework; that’s the MailTo line.

    • In etc/nodes.cfg, you need to specify the network interface Bro is to monitor; that’s the interface line.

    • In etc/networks.cfg, list all the networks which Bro should consider as local to the monitored environment.

Thanks in advance

What's your question?

  .Seth

  • The installation installs three configuration files which you should edit:

    • etc/broctl.cfg is the overall BroControl configuration. Initially, you probably only need to edit the email address for mails sent by the framework; that’s the MailTo line.

    • In etc/nodes.cfg, you need to specify the network interface Bro is to monitor; that’s the interface line.

    • In etc/networks.cfg, list all the networks which Bro should consider as local to the monitored environment.

Can you please tell me how to do the above steps?

Those files should be in your directory where you installed Bro. You just need to edit them to suit your environment. Looking at the format of those files should be fairly obvious where and how to change them. Please ask if you have specific questions about how those files should be configured.

  .Seth

I found them but I am not able to edit them; they are in read-only mode…

Y need them i cant able to run my bro ids which is already installed…

I hope you understand my problem.

Yeah, thanks, I got that.

root@raj-Satellite-L300:/path/to/bro/bin# broctl install
No command ‘broctl’ found, did you mean:
Command ‘brctl’ from package ‘bridge-utils’ (main)
broctl: command not found

Can you tell me, is this the right path for trying to install broctl, or is there some other mistake?

Thanks & Regards

Thanks a lot, it works.

Hi

Does anyone know how to run this command…

Yeah, thanks, I got that.

root@raj-Satellite-L300:/path/to/bro/bin# broctl install
No command 'broctl' found, did you mean:
Command 'brctl' from package 'bridge-utils' (main)
broctl: command not found

Try "./broctl install"

Note the "./" in front of the command.

Or give the full path in your command, e.g.

/path/to/bro/bin/broctl install

or add /path/to/bro/bin to your path. Google for an explanation of the
PATH environment variable for an explanation. I'll even supply a link
for you.
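
The fixes suggested in the reply above, as an added shell example that is not part of the original thread: it reproduces "command not found" and then resolves it with "./", with the full path, and by extending PATH. The stub script, the temporary directory standing in for /path/to/bro/bin, and the `try` helper are constructed for illustration.

```shell
#!/bin/sh
# Constructed demo: a stub named "broctl" in a temporary bin directory stands in
# for /path/to/bro/bin/broctl; nothing here touches a real Bro installation.
demo_root=$(mktemp -d)
trap 'rm -rf "$demo_root"' EXIT
mkdir -p "$demo_root/bin"
printf '#!/bin/sh\necho "stub broctl called with: $*"\n' > "$demo_root/bin/broctl"
chmod +x "$demo_root/bin/broctl"

# A typical root PATH: system directories only, no "." and no Bro bin directory.
base_path=/usr/bin:/bin

# try PATH_VALUE COMMAND_LINE
# Runs COMMAND_LINE from inside the demo bin directory with the given PATH
# and prints the exit status (127 is the shell's "command not found").
try() {
    status=0
    ( cd "$demo_root/bin" && PATH="$1" /bin/sh -c "$2" >/dev/null 2>&1 ) || status=$?
    echo "$status"
}

# 1. Bare name: the shell searches PATH only, never the current directory.
echo "bare name, bin dir not in PATH: $(try "$base_path" 'broctl install')"

# 2. "./" names the file explicitly, so no PATH search happens.
echo "./broctl                      : $(try "$base_path" './broctl install')"

# 3. Full path, same reasoning.
echo "full path                     : $(try "$base_path" "$demo_root/bin/broctl install")"

# 4. Append the specific bin directory to PATH. This is preferable to adding ".",
#    which would make root run whatever executable sits in the current directory.
echo "bin dir appended to PATH      : $(try "$base_path:$demo_root/bin" 'broctl install')"
```
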