1. Preparation:
Bro requires the following libraries and tools to be installed before you begin:
- Libpcap (http://www.tcpdump.org)
- OpenSSL libraries (http://www.openssl.org)
- BIND8 library
- Libz
- Bash (for BroControl)
- Python (for BroControl)
To build Bro from source, the following additional dependencies are required:
- CMake 2.8 or greater (http://www.cmake.org)
- Make
- C/C++ compiler
- SWIG (http://www.swig.org)
- Bison (GNU Parser Generator)
- Flex (Fast Lexical Analyzer)
- Libpcap headers (http://www.tcpdump.org)
- OpenSSL headers (http://www.openssl.org)
- zlib headers
- Perl
yum install cmake make gcc gcc-c++ flex bison libpcap-devel openssl-devel python-devel swig zlib-devel
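2. Download the source package: http://bro.org/download/index.html
3. Install the source package:
a. Download cmake-master. The installation documentation does not mention this; on GitHub, cmake is a separate download.
b. Download and install BinPAC (it also needs the cmake files)
./configure
cd build
make
make install
c. Download the sqlite3-related files / bro-3rdparty
Install: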
./configure
make
make install
====================| Bro Build Summary |=====================
Install prefix: /usr/local/bro
Bro Script Path: /usr/local/bro/share/bro
Debug mode: false
CC: /usr/bin/cc
CFLAGS: -Wall -Wno-unused -O2 -g -DNDEBUG
CXX: /usr/bin/c++
CXXFLAGS: -Wall -Wno-unused -O2 -g -DNDEBUG
CPP: /usr/bin/c++
Broker:
Broccoli: false
Broctl: false
Aux. Tools: false
GeoIP: false
gperftools found: false
tcmalloc: false
debugging: false
jemalloc: false
================================================================
-- Configuring done
-- Generating done
CMake Warning:
Manually-specified variables were not used by the project:
BinPAC_SKIP_INSTALL
DISABLE_RUBY_BINDINGS
PY_MOD_INSTALL_DIR
-- Build files have been written to: /root/bro/bro-2.4.1/build
After the installation completes, export the path:
export PATH=/usr/local/bro/bin:$PATH
4. Install broctl (available at https://github.com/bro)
a. This also needs the cmake files
b. SubnetTree must be installed (available at https://github.com/bro)
python setup.py install
5. Start bro
Now start the BroControl shell like:
broctl
Since this is the first-time use of the shell, perform an initial installation of the BroControl configuration:
[BroControl] > install
Then start up a Bro instance:
[BroControl] > start
Crontab entry that runs broctl cron every five minutes:
0-59/5 * * * * $PREFIX/bin/broctl cron
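A preflight check for the source-build dependencies listed in step 1, as an added example that is not part of the original notes or the Bro project: it reports missing tools and headers and checks the CMake 2.8 minimum before ./configure is run. The /usr/include header location, the INCDIR override variable and the function names are assumptions.

```shell
#!/bin/sh
# Preflight for the step 1 source-build dependencies (added example).
# Assumption: headers live under /usr/include; override with INCDIR.

# version_ge A B: succeed when dotted version A >= B.
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; x=${x%%[!0-9]*}
        y=${b%%.*}; y=${y%%[!0-9]*}
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# cmake_version_of TEXT: version number from `cmake --version` output.
cmake_version_of() {
    printf '%s\n' "$1" | sed -n '1s/^cmake[^ ]* version \([0-9][0-9.]*\).*/\1/p'
}

# missing_cmds NAME...: print each command that is not on PATH.
missing_cmds() {
    for c in "$@"; do command -v "$c" >/dev/null 2>&1 || echo "$c"; done
}

# missing_headers DIR FILE...: print each header absent from DIR.
missing_headers() {
    dir=$1; shift
    for h in "$@"; do [ -f "$dir/$h" ] || echo "$h"; done
}

bro_preflight() {
    rc=0
    for c in $(missing_cmds cmake make cc c++ swig bison flex perl python bash); do
        echo "missing tool: $c"; rc=1
    done
    for h in $(missing_headers "${INCDIR:-/usr/include}" pcap.h openssl/ssl.h zlib.h); do
        echo "missing header: $h"; rc=1
    done
    if command -v cmake >/dev/null 2>&1; then
        v=$(cmake_version_of "$(cmake --version)")
        version_ge "${v:-0}" 2.8 || { echo "cmake $v is older than 2.8"; rc=1; }
    fi
    return $rc
}
bro_preflight || echo "resolve the items above before running ./configure"
```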