我已经从源代码构建了兄弟ID。它已成功安装
user@ubuntu:~$ bro -v
bro version 2.4.1
我正在VM运行兄弟。我在ENS33而不是ETH0中的以太网接口。将Node.CFG更新为我的自定义接口(即ENS33)后,我仍然无法启动bro。
node.cfg
[bro]
type=standalone
host=localhost
interface=ens33
启动Broctl时,我会看到以下错误日志
Bro 2.4.1
Linux 4.4.0-96-generic
==== No reporter.log
==== stderr.log
fatal error: problem with interface eth0 (eth0: SIOCETHTOOL(ETHTOOL_GET_TS_INFO) ioctl failed: No such device)
==== stdout.log
max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited
==== .cmdline
-i eth0 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto
==== .env_vars
PATH=/usr/bin:/usr/share/broctl/scripts:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin
BROPATH=/var/spool/bro/installed-scripts-do-not-touch/site::/var/spool/bro/installed-scripts-do-not-touch/auto:/usr/share/bro:/usr/share/bro/policy:/usr/share/bro/site
CLUSTER_NODE=
==== .status
TERMINATED [atexit]
==== No prof.log
==== No packet_filter.log
==== No loaded_scripts.log
我从日志中可以理解的是,broctl无法读取更新的node.cfg,因为它使用了错误的接口。现在,我需要知道我还需要进行什么更改才能开始bro而不会崩溃?
您应该在/etc/bro/node.cfg中编辑配置文件,然后将ETH0更改为ENS33