Issue getting bro to load OTX plugin

[dinger1986]

Hello,

I have installed BRO-OTX as suggested but there is no intel.log file and also in /usr/local/bro/logs/current/loaded_scripts.log there is no record of otx, Am I doing something wrong?

I have installed bro-otx into /usr/local/bro/share/bro/policy/bro-otx and in load.bro I have @load bro-otx

I have ran /usr/local/bro/bin/broctl check and get no errors about otx (and when I make the path wrong it gives me an error).

Im sure its simple, if you can point me in the right direction that would be great!

Daniel

[hosom]

You should probably place bro-otx in /usr/local/bro/share/bro/site.

In that directory is a file named local.bro. You need to modify that file to include @load bro-otx once you have moved bro-otx into that directory.

[0bsolescence]

Spent a little bit troubleshooting this a bit, as we ran into the same issue. Unzipping the package from here resulted in the creation of /usr/local/bro/share/bro/site/bro-otx-master. Renamed bro-otx-master to bro-otx. I then checked the config with broctl and received a new error stating:

error in /opt/bro/share/bro/site/local.bro, line 104: Failed to open package `/opt/bro/share/bro/site/bro-otx`: missing `__load__.bro` file
fatal error in /opt/bro/share/bro/site/local.bro, line 104: can't open /opt/bro/share/bro/site/bro-otx/__load__.bro

I then copied the __load__.bro file from /opt/bro/share/bro/site/bro-otx/scripts/ to /opt/bro/share/bro/site/bro-otx/. I then checked again from broctl and everything checked out.