If you use bash for your shell, you can do something like this to start Bro by hand:

    cd /usr/local/bro
    . etc/bro.cfg
    ./bro -i eth1 -i eth2 myhost.mysite.org.bro

The '. etc/bro.cfg' line should set your $BROHOME and $BROPATH correctly so that Bro can find all of the needed files.
Files are loaded in the following order: Bro is invoked with a start file (myhost.mysite.org.bro in the example above). That file, which is in $BROHOME/site, should have a couple of lines like this at the top:

    ---------------- myhost.mysite.org.bro ----------------------------
    @prefixes = local
    @load site   # file generated by the network script for dynamic config
                 # of the local network subnets.

    # Make any changes to policy starting here
    ....
    -------------- end --------------------------------------

The '@load site' line will load the local.site.bro file from $BROHOME/site. If you are making changes, you should make them in the 'myhost.mysite.bro' file.
Bro can also be run on tcpdump -w files instead of on live traffic. To do this, you must set a BROPATH environment variable to point at your set of policy scripts. For example (in csh):

    setenv BROHOME /usr/local/bro
    setenv BROPATH $BROHOME/site:$BROHOME/policy
    bro -r dumpfile brohost

More information on Bro run-time flags and environment variables is available in the Reference Manual.
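
The file lookup described above can be checked before Bro is started, so that a missing start file or site file is caught up front. The following is an added example, not part of the Bro distribution: the helper names resolve_on_bropath and preflight are hypothetical, and it assumes that Bro takes the first match in BROPATH order and tries a name both as given and with ".bro" appended.

```bash
#!/usr/bin/env bash
# Added example (not from the Bro distribution): resolve Bro script names
# against BROPATH before starting Bro. Helper names are hypothetical.
# Assumption: the first match in BROPATH order wins, and a name is tried
# both as given and with ".bro" appended (as in "bro -r dumpfile brohost").

# Print the first file matching NAME on the colon-separated BROPATH.
# Returns 1 if no directory on BROPATH contains it.
resolve_on_bropath() {
    local name="$1" dir candidate
    local IFS=:
    for dir in $BROPATH; do
        for candidate in "$dir/$name" "$dir/$name.bro"; do
            if [ -f "$candidate" ]; then
                printf '%s\n' "$candidate"
                return 0
            fi
        done
    done
    return 1
}

# Check the start file and the local.site.bro file that '@load site'
# pulls in when '@prefixes = local' is set. Returns non-zero if either
# cannot be found, and names the missing file on stderr.
preflight() {
    local start="$1" rc=0 name
    for name in "$start" local.site.bro; do
        if ! resolve_on_bropath "$name" >/dev/null; then
            echo "missing on BROPATH: $name" >&2
            rc=1
        fi
    done
    return $rc
}

# Usage, after sourcing etc/bro.cfg so that BROPATH is set:
#   preflight myhost.mysite.org.bro && ./bro -i eth1 myhost.mysite.org.bro
```

Running resolve_on_bropath on a single name also shows which directory a policy file is actually taken from when the same name exists in both $BROHOME/site and $BROHOME/policy.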