Hello All:
So I have been able to successfully compile and install bro on RHEL4.0 with dag support. Looks like bro is able to recognize DAG cards as well.
There were multiple issues which I ended up fixing off-course with the help from this list. Thanks a lot.
Just for future reference :
1) compile libpcap-0.9.4 (latest version which has DAG support) to enable DAG options
./configure --disable-localpcap --libdir=/usr/local/lib --with-dag=/usr/local/dag --prefix=/usr/local CFLAGS="-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64"
2) I removed "aux" from compilation list
3) Compile bro with the following :
/configure '--disable-localpcap' '--enable-selectloop' '--prefix=/usr/local/bro' '--libdir=/usr/local/lib' CFLAGS='-I/usr/local/include' LDFLAGS='-L/usr/local/lib'
Bro installed successfully and starts/stops just fine but its not capturing any data so far. I have defined dag0 and dag1 as capture interfaces in bro.cfg.
The info.bro file is a little unusual. It does not pick up any capture filter. Is this normal for dag* interfaces ? Is there any default filter then ? If not, how can I fix this capture filter issue.
I tried redefining capture filter in hostname.bro file in site folder but in vein.
Here is the info.bro log :