[Bro] Ignore Weird Events???
Adriel Desautels
adriel at netragard.com
Wed Jun 4 17:11:33 PDT 2008
Greetings List,
We are currently testing bro and have read the documentation. So far
everything looks pretty good, very interesting technology to say the
least. One question though. Why isn't this working?
# This file should describe your network configuration.
# If your local network is a class C, and its network
# address was 192.168.1.0 and a class B network
# with address space 10.1.0.0.
# Then you would put 192.168.1.0/24 and 10.1.0.0/16 into
# this file, telling bro what your local networks are.
@load site
redef notice_action_filters += {
WeirdActivity = ignore_notice,
};
redef local_nets: set[subnet] = {
# example of a class C network
192.168.1.0/24,
# example of a class B network
172.16.15.0/24
};
Which results in the following Error:
zerosum# ../scripts/bro.rc start
bro.rc: Starting ..........bro.rc: Failed to start Bro
/usr/local/bro/site/zerosum.testme.com.bro, line 11: error: unknown
identifier WeirdActivity, at or near "WeirdActivity"
... FAILED
zerosum#
Did we miss something?
--
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45
Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142
---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security
Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: adriel.vcf
Type: text/x-vcard
Size: 298 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20080604/995e35fe/attachment.vcf
More information about the Bro
mailing list