Splunk Enterprise standalone instance (v6.6.3) on Ubuntu 16.04.

Originally, I tried with current Bro version, but reverted back to Bro v2.2 and still got the error. I get the error if I apt-get install Bro OR compile it from source. So I'm confident the version of Bro I'm using is not causing this error.

The modular input seems fine, being that it sees the PCAP. I've also configured the local/nf, but we haven't gotten that far, so Splunk trying to run Bro errors out.

I saw there are other similar problems, and the solution was to unset LD_LIBRARY_PATH, but I don't see how I can do that with the Bro binary file. I must have gone wrong during installation somewhere? Is anyone using the Bro PCAP data input?

In Splunk Web > Settings > Data Inputs > PCAPS:

Bro script: /opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/extract-all.bro
Bro seed file: /opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/bro.seeds

```
$ sudo apt-get install cmake make gcc g++ flex bison libpcap-dev libssl-dev python-dev swig zlib1g-dev
$ sudo mv GeoLiteCity.dat /usr/share/GeoIP/GeoIPCity.dat
```

Then either use apt-get to install Bro or compile it from source.

I am able to use the Bro binary on my own to analyze PCAP files. It's only when Splunk attempts to do it that it fails.

EXCERPTS FROM Splunk_TA_bro.log after ingest pcap:

```
12:25:48,298 INFO Parsing /stoqdata/bro/inside.pcap
12:25:48,298 INFO running command = export BRO_SEED_FILE='/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/bro.seeds' & '/usr/bin/bro' '-C -r' -r '/stoqdata/bro/inside.pcap' '/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/extract-all.bro'
12:25:48,308 ERROR something went wrond during Bro execution: /usr/bin/bro: /opt/splunk/lib/libssl.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /usr/bin/bro)
/usr/bin/bro: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /usr/bin/bro)
13:11:22,085 INFO Parsing /stoqdata/bro/inside.pcap
13:11:22,090 INFO running command = export BRO_SEED_FILE='/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/bro.seeds' & '/opt/bro/bin/bro' '-C' -r '/stoqdata/bro/inside.pcap' '/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/extract-all.bro'
13:11:22,099 ERROR something went wrond during Bro execution: /opt/bro/bin/bro: /opt/splunk/lib/libssl.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /opt/bro/bin/bro)
/opt/bro/bin/bro: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /opt/bro/bin/bro)
13:47:07,669 INFO Parsing /stoqdata/bro/inside.pcap
13:47:07,673 INFO running command = export BRO_SEED_FILE='/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/bro.seeds' & '/opt/bro/bin/bro' '-C' -r '/stoqdata/bro/inside.pcap' '/opt/splunk/etc/apps/Splunk_TA_bro/bin/bro/extract-all.bro'
13:47:07,683 ERROR something went wrond during Bro execution: /opt/bro/bin/bro: /opt/splunk/lib/libcrypto.so.1.0.0: version `OPENSSL_1.0.0' not found (required by /opt/bro/bin/bro)
/opt/bro/bin/bro: /opt/splunk/lib/libssl.so.1.0.0: version `OPENSSL_1.0.
```

HAProxy - The Reliable, High Performance TCP/HTTP Load Balancer

We've been notified of a vulnerability in HAProxy that can be exploited to build some request smuggling attacks. It affects all currently supported branches; all the details are here on the mailing list announce. Please make sure to update either to your latest distro package or to the latest version.