[Oisf-devel] Problem with Broccoli connection
Daniel Wyschogrod
dwyschogrod at bbn.com
Sun Dec 2 07:50:41 UTC 2012
I'm just getting up to speed on Bro and Broccoli in an attempt to port some of our existing sensors to the Bro environment. I've been trying to connect unsuccessfully to a Bro server using the Barnyard2 alert_bro mechanism. The initial connection fails with a "Could not connect to Bro!" message. I attempted the same connection using py-broccoli and I get an IOError message. I've modified the local.bro script to contain:
@load policy/frameworks/communication/listen
redef Communication::listen_port = 47757/tcp;
@load policy/integration/barnyard2
redef Communication::nodes += {
["local"] = [$host=127.0.0.1, $class="barnyard",$events=/Barnyard2:barnyard_alert/,$connect=F]
};
From examining the spo_alert_bro.c code in a debugger, it seems that the socket call in try_connect in the broccoli bro_openssl.c is failing.
Is my local.bro code correct? It seems that Bro is not accepting Broccoli connections.
Any help would be greatly appreciated.
Thanks,
Dan
____________________
Dan Wyschogrod
Senior Scientist
Cyber Security
Raytheon/BBN Technologies
dwyschogrod at bbn.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2593 bytes
Desc: not available
URL: <http://lists.openinfosecfoundation.org/pipermail/oisf-devel/attachments/20121202/c4a16b1f/attachment.bin>
More information about the Oisf-devel
mailing list