When trying to run the main.bro file in the conn directory using the following command:

bro -i [interface] /location/to/bro/file/

I get the following errors:

error in /home/ec2-user/bro/bro-2.5.1/scripts/base/protocols/conn/main.bro, line 14: identifier or enumerator value in enumerated type definition already exists
error in /usr/local/bro/share/bro/base/protocols/conn/./main.bro, line 124: already defined (Conn::log_conn)
internal warning in /home/ec2-user/bro/bro-2.5.1/scripts/base/protocols/conn/main.bro, line 124: Duplicate identifier documentation: Conn::log_conn
fatal error in /usr/local/bro/share/bro/base/frameworks/logging/./main.bro, lines 13-16: BroType::AsEnumType (error/enum) (error)

My goal: To return the conn.log files with orig_bytes and resp_bytes not being null, so I'm trying to get rid of the &optional flags after those 2 variables in the main.bro file. All other aspects of the code are the same.

Sidenote: I managed to retrieve conn.log files with adjustments made to the local.bro file in /scripts/site/

Thanks for your help.

David Hoelzer
David

1 Answer

Conn is already being loaded by init-default.bro. You can run Bro in "bare mode," where this file won't be loaded, using the -b flag.

However, if you find yourself needing to modify scripts under the base directory, that's usually a sign that you should take a step back and think if this is really the correct approach. In this instance, orig_bytes and resp_bytes are null because Bro hasn't seen any traffic from the originator or responder for those connections. Removing &optional isn't going to change that. The question I'd focus on instead is, if there really is traffic there, why isn't Bro seeing it?

grigorescu
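As a starting point for the question the answer ends on, the following script (an added example, not part of the original answer or of Bro itself) tallies, per conn_state, how many conn.log entries have orig_bytes or resp_bytes unset. It assumes Bro's default tab-separated ASCII log format; the function name `summarize` and the sample rows, which use a reduced field set, are constructed for illustration.

```python
import sys
from collections import Counter


def summarize(lines):
    """Return {conn_state: (entries_missing_byte_counts, total_entries)}."""
    fields, unset = [], "-"          # "-" is Bro's default unset marker
    totals, missing = Counter(), Counter()
    for line in lines:
        line = line.rstrip("\n")
        if line.startswith("#unset_field"):
            unset = line.split("\t")[1]      # honour the log's own marker
        elif line.startswith("#fields"):
            fields = line.split("\t")[1:]    # column names, in file order
        elif line and not line.startswith("#"):
            rec = dict(zip(fields, line.split("\t")))
            state = rec.get("conn_state", unset)
            totals[state] += 1
            if unset in (rec.get("orig_bytes"), rec.get("resp_bytes")):
                missing[state] += 1
    return {state: (missing[state], totals[state]) for state in totals}


def row(*cols):
    return "\t".join(cols)


# Constructed sample (not from the question); a real conn.log has more columns.
SAMPLE = [
    "#separator \\x09",
    row("#unset_field", "-"),
    row("#path", "conn"),
    row("#fields", "ts", "uid", "conn_state", "orig_bytes", "resp_bytes"),
    row("1500000000.1", "Caaa1", "SF", "310", "5120"),
    row("1500000001.2", "Caaa2", "S0", "-", "-"),
    row("1500000002.3", "Caaa3", "S0", "-", "-"),
    row("1500000003.4", "Caaa4", "OTH", "-", "-"),
    row("1500000004.5", "Caaa5", "SF", "120", "80"),
]

if __name__ == "__main__":
    # Pass a conn.log path as the first argument, or run on the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            result = summarize(fh)
    else:
        result = summarize(SAMPLE)
    for state, (miss, total) in sorted(result.items()):
        print(f"{state}\t{miss}/{total} entries without byte counts")
```

If the unset entries cluster in states such as S0 (connection attempt seen, no reply), the nulls reflect what was on the wire; if they show up on connections that should have carried data, look at the capture path.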