Hello, The message is saying that Bro is unable to find something to said regarding the time range. It uses the date taken from the pcap's file and so the various logs. The script "site-report.pl" uses (by default) : +-+-+ $DEFAULT_CONFIG->{'report-range'} = 24; $DEFAULT_CONFIG->{'report-start'} = 'yesterday'; +-+-+ So if you run the report more than 24 hours after the date of the data captured, it seems to be normal to have nothing reported (but i may be wrong). A possible workaround is to use the options given by the script : +-+-+ Options passed to the program on the command line Command line reference --report-range|-r Length of time (in hours) from report-start to report on. This will be overridden by report-end if specified. (default: 24) --report-start|-s The start time of the data to report on. See date format below. Values of yesterday and today are also understood and default to to a start time of 00:30 hours (default: yesterday) --report-end|-e The end time of the data to report on. This will override report-range if specified. ( Examples: 2004-12-26T01:23:00, accurate to seconds field 2004-12-26, Is the same as 2004-12-26T00:00:00 2004-12-26T13, Is the same as 2004-12-26T13:00:00 ) +-+-+ Best regards, Jean-philippe. On Thu, Aug 16, 2007 at 05:56:18PM +0800, mel wrote: