> Apparently, the output is heavily buffered.
It's the usual stdio buffering. Bro catches SIGINT, so when you kill it, it
should flush those files. Is that not working, or were you looking at the
files while Bro was running?
Bro needs a mechanism for telling it "flush your current state". A hack
for this would be some sort of signal; but I think the right way to do
it is to add a general mechanism for communicating with Bro (one that lets
you inject [authenticated, of course] events). This is needed anyway
because Bro needs to evolve towards multiple event agents (some watching
network links, some perhaps running on hosts and just watching the hosts)
and that will require an event communication mechanism.
Vern
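The stdio buffering described in the message above, together with the signal-based "flush your current state" hack it mentions, as an added example in C that is not Bro's own code. The function names, the use of SIGUSR1 and the sample record are assumptions made for illustration.

```c
#include <signal.h>
#include <stdio.h>
#include <sys/stat.h>

/* Set by the handler; the handler does nothing else, so it stays async-signal-safe. */
static volatile sig_atomic_t flush_requested = 0;

static void on_flush_signal(int signo) { (void)signo; flush_requested = 1; }

/* Bytes of the log that another process (tail, an analyst's grep) can see. */
static long on_disk_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1;
}

/* Called once per event-loop iteration: flush every open log if asked to. */
static int service_flush_request(FILE **logs, int n)
{
    if (!flush_requested)
        return 0;
    flush_requested = 0;
    for (int i = 0; i < n; i++)
        fflush(logs[i]);
    return 1;
}

/* Writes one short record and reports the on-disk size before and after
   a signal-driven flush. Returns 0 on success, -1 if the log cannot be opened. */
int demo(const char *path, long *before, long *after)
{
    FILE *log = fopen(path, "w");     /* regular files are fully buffered */
    if (!log) return -1;
    signal(SIGUSR1, on_flush_signal); /* SIGUSR1 is an assumed choice */
    fprintf(log, "constructed sample record: ftp login\n");
    *before = on_disk_size(path);     /* record is still in the stdio buffer */
    raise(SIGUSR1);                   /* stands in for `kill -USR1 <pid>` */
    service_flush_request(&log, 1);
    *after = on_disk_size(path);      /* record is now visible on disk */
    fclose(log);
    remove(path);
    return 0;
}

int main(void)
{
    long b, a;
    if (demo("flush_demo.log", &b, &a) != 0) return 1;
    printf("before flush: %ld bytes, after flush: %ld bytes\n", b, a);
    return 0;
}
```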
> Our current installation of Bro on Solaris 2.6 only logs to the bro.log
> file. Other log files such as ftp.log are created but not written to
> even when events should have been logged. While troubleshooting this, we
> reviewed the attached config.log file and discovered a couple of errors
> that could be the cause of our problem:
>
> - Line 43, there are declaration conflicts for openlog, syslog and
> closelog
> - Line 65-70, contains several type conflicts
> - Line 87, contains a declaration conflict for gettimeofday
> - Line 101, there is an undefined symbol gethostbyname
> - Line 135, there is an undefined symbol socket
> - Line 169, the str library is not found -- where can we download this
> library?
(config.log is the autoconf log; the "errors" in it are a normal part
of the process that allows the configure script to determine which
features are available on your particular OS type and version.)
Craig
I'm trying to compile bro 0.4 on RedHat Linux 5.2, which has the
egcs compilers installed by default:
% c++ -v
Reading specs from /usr/lib/gcc-lib/i386-redhat-linux/egcs-2.90.29/specs
gcc version egcs-2.90.29 980515 (egcs-1.0.3 release)
When I try to compile bro, it stops on DNS.cc:
% make
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -DVERSION="\"0.4\"" -c main.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c parse.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c scan.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c util.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c BroString.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c CompHash.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Conn.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Desc.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c Dict.cc
c++ -I. -I../libpcap-0.4a6 -g -Wall -g -D__STDC__=2 -c DNS.cc
DNS.cc: In method `void DNS_Mgr::AddResult(class DNS_Request *, struct nb_dns_result *)':
DNS.cc:688: parse error before `('
make: *** [DNS.o] Error 1
Here are the source lines in the area of the error (via cat -n DNS.cc)
683 return r;
684 }
685
686 void DNS_Mgr::AddResult(DNS_Request* dr, struct nb_dns_result* r)
687 {
688 hostent* h = (r && r->h_errno == 0) ? r->hostent : 0;
689
690 DNS_Mapping* new_dm;
691 DNS_Mapping* prev_dm;
692 int keep_prev = 0;
693
Anyone have any suggestions? I'm not very good with c++, so this is beyond
my ability to fix.
Mike Iglesias Internet: iglesias(a)draco.acs.uci.edu
University of California, Irvine phone: 949-824-6926
Office of Academic Computing FAX: 949-824-2069