I have Bro 1.4 configured and running fine, however, it does not appear to be generating any summary reports. I ran bro_config and edited bro.cfg with settings for my setup, but I am not receiving any summary report at the address specified in bro.cfg, nor is it generating any summary report file.
Any ideas on what could be causing the problem?
Also, is the summary report written to a file in /usr/local/bro/reports or is it only emailed?
Thanks.
Please update to Bro 1.5, the 1.4 release is no longer supported and it looks like you are using the Brolite configuration framework which is currently deprecated and due to be completely stripped from future releases.
.Seth
I would, but there appears to be a compatibility issue with Bro 1.5 on my system – it does not complete compiling and returns errors.
So for now, I have been using Bro 1.4.
What's the error?
.Seth
Running ./configure works fine. Then after doing a ‘make’, it compiles for a bit and then stops and prints these errors:
capstats.cc:14:26: net/ethernet.h: No such file or directory.
(About 6 more capstats.cc errors)
capstyats.cc:423:error (Each undeclared identifier is reported only once for each function it appears in.)
*** Error code 1
Stop in /home/trueblue/bro-1.5.1/aux/capstats (line 104 of /usr/share/mk/sys.mk).
*** Error code 1
Stop in /home/trueblue/bro-1.5.1/aux/capstats (line 120 of Makefile).
*** Error code 1
Stop in /home/trueblue/bro-1.5.1/aux/broctl (line 65 of Makefile).
*** Error code 1
Stop in /home/trueblue/bro-1.5.1/aux (line 181 of Makefile).
*** Error code 1
Stop in /home/trueblue/bro-1.5.1/aux (line 148 of Makefile).
*** Error code 1
Stop in /home/trueblue/bro-1.5.1 (line 198 of Makefile).
*** Error code 1
Stop in /home/trueblue/bro-1.5.1 (line 137 of Makefile).
It looks like that error might be related to tracker ticket #213