I have a question regarding the use of IP addresses vs. hostnames in the
destinations file in remote.bro.
When the configuration is set up in the form:
    redef destinations += {
        ["foo"] = [$host = weed.nersc.gov, $events = /.*/, $connect = T,
                   $retry = 60 secs, $ssl = T]
    };
Bro experiences an error at startup:
-bash-2.05b$ bin/bro -t trace remote
Execution tracing ON.
1118358881.581429 ./policy/remote.bro, line 56 ({128.55.14.206}): bad tag in Val::AsAddr
where the execution tracing at the point in question shows:
1118358881.581429 ./policy/remote.bro:80 Builtin Function called: set_buf(f = '<no value description>', buffered = 'F')
1118358881.581429 ./policy/remote.bro:80 Function return: <void value description>
1118358881.581429 ./policy/remote.bro:93 Builtin Function called: connect(ip = '{
128.55.14.206
}', p = '47756/tcp', retry = '1.0 min', ssl = 'T')
From the trace file, it seems that the name has been successfully
converted, but has additional spaces and returns.
When remote.bro is configured to use the IP address of the remote host,
startup is *normal* and the trace file looks like:
1118358999.795913 ./policy/remote.bro:80 Builtin Function called: set_buf(f = '<no value description>', buffered = 'F')
1118358999.795913 ./policy/remote.bro:80 Function return: <void value description>
1118358999.795913 ./policy/remote.bro:93 Builtin Function called: connect(ip = '128.55.14.206', p = '47756/tcp', retry = '1.0 min', ssl = 'T')
Note the lack of spaces and returns.
Since the client cert is associated with the host name rather than the IP
address, I am getting authentication failures for SSL.
Any thoughts on how to fix this (besides getting a cert assigned to an IP)?
scott
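
Added example, not part of the original post and not Bro project code: a small checker that rejoins multi-line execution-trace entries and flags builtin calls whose argument printed as a brace-wrapped set, as connect() does in the failing trace above. It assumes a hostname constant evaluates to a set of addresses (which would explain the braces); the function names and the comma-separated member format are assumptions of this example.

```python
import re

# Constructed sample: the two connect() trace entries quoted in the post above.
SAMPLE_TRACE = """\
1118358881.581429 ./policy/remote.bro:93 Builtin Function called: connect(ip = '{
128.55.14.206
}', p = '47756/tcp', retry = '1.0 min', ssl = 'T')
1118358999.795913 ./policy/remote.bro:93 Builtin Function called: connect(ip = '128.55.14.206', p = '47756/tcp', retry = '1.0 min', ssl = 'T')
"""

# A trace entry starts with "<timestamp> <script>:<line> "; lines that do not
# match are continuations of the previous entry (a set value spans several lines).
ENTRY_START = re.compile(r"^(\d+\.\d+) (\S+):(\d+) ")
CALL = re.compile(r"Builtin Function called: (\w+)\((.*)\)\s*$", re.S)
ARG = re.compile(r"(\w+) = '([^']*)'")


def entries(trace):
    """Rejoin continuation lines so each trace entry is one string."""
    current = []
    for line in trace.splitlines():
        if ENTRY_START.match(line) and current:
            yield "\n".join(current)
            current = []
        current.append(line)
    if current:
        yield "\n".join(current)


def set_valued_args(trace, function="connect"):
    """Return (timestamp, location, arg, members) for each set-valued argument."""
    findings = []
    for entry in entries(trace):
        start = ENTRY_START.match(entry)
        call = CALL.search(entry)
        if not start or not call or call.group(1) != function:
            continue
        for name, value in ARG.findall(call.group(2)):
            value = value.strip()
            if value.startswith("{") and value.endswith("}"):
                # Assumption: multiple set members are separated by commas.
                members = [m.strip() for m in value[1:-1].split(",") if m.strip()]
                findings.append((start.group(1), f"{start.group(2)}:{start.group(3)}", name, members))
    return findings


if __name__ == "__main__":
    for ts, where, arg, members in set_valued_args(SAMPLE_TRACE):
        print(f"{ts} {where}: '{arg}' is a set {members}, not a single addr")
```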