Hi all
After having resolved my last problem, I'm already facing a new one. I
am trying to set up Broccoli communication between Bro and the
Timemachine. TM and Bro are running on the same machine and I have
included the "listen-clear" and "time-machine" in my policy; in
tm.conf the bro_connect_str is configured accordingly (see the
attached files). What happens is that I can see in the remote.log that
the TM registers to TimeMachine::command and in Bro's tm.log that it
indeed sends queries over to the TM. If I then look at the TM's
logfile, I see that the query was unsuccessful (0 matches). After a
couple of mismatches it seems that some part of the TM crashes (i.e.
it still logs that it drops all the packets; no increase in CPU usage
though). The TM can then only be shut down by using kill -9. If I don't
use Broccoli at all and instead manually enter the same queries in the
console (replacing the "query feed" part with "query to_file"),
everything works fine. Does anyone have an idea what could be the
problem here? My guess is that it is something in the TM and not in Bro.
Regards - Fabian
remote.log (3.45 KB)
tm_tm.log (7.23 KB)
tm.conf (919 Bytes)
bro_tm.log (1.69 KB)
poc-nf.bro (420 Bytes)