[Bro] Hui Lin_Enable Protocol Analyzer in Bro bare mode
Hui Lin (Hugo)
hlin33 at illinois.edu
Mon Jun 25 13:44:37 PDT 2012
Actually it is quite simple. This is my syslog_message event handler.
event syslog_message(c: connection, facility: count, severity: count, msg: string)
    {
    # record the facility of the last syslog message seen and flag that one arrived
    gUsrID = facility;
    print fmt("syslog %d", facility);
    findSyslog = T;
    }
gUsrID and findSyslog are two global variables.
I am not sure why it is not executing. I did not see any print on the
On Mon, Jun 25, 2012 at 3:39 PM, Seth Hall <seth at icir.org> wrote:
> On Jun 25, 2012, at 4:34 PM, Hui Lin (Hugo) wrote:
> > I would also like to use the Syslog analyzer to analyze the syslog_message event. I
> define a syslog_message event handler in my own script, but this event handler is not
> executed under bare mode. I am wondering what scripts should be loaded to
> enable the Syslog analyzer.
> It's enabled by default. Can you show the code you are using that isn't
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
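A self-contained bare-mode test script for the setup discussed in this thread. This is an added example, not code from either poster: it declares the two globals, loads the base Syslog script explicitly (assumed to live at base/protocols/syslog, as in Bro 2.x installs), and reports at shutdown whether any syslog_message event fired. The file name syslog-test.bro and the trace file syslog.pcap are placeholders.

```bro
# syslog-test.bro: minimal bare-mode check that the Syslog analyzer delivers events.
# Added example; not from the original thread. Run it with:
#   bro -b -r syslog.pcap syslog-test.bro
# (-b loads only base/init-bare.bro, so anything else you need is loaded here)

# Assumption: the base Syslog script ships at this path (Bro 2.x layout).
@load base/protocols/syslog

# The two globals from the thread, now declared with types and initial values.
global gUsrID: count = 0;
global findSyslog: bool = F;

# Count of events seen, so the bro_done() summary can show more than a flag.
global syslog_count: count = 0;

event syslog_message(c: connection, facility: count, severity: count, msg: string)
    {
    gUsrID = facility;
    findSyslog = T;
    ++syslog_count;
    print fmt("syslog from %s: facility=%d severity=%d msg=%s",
              c$id$orig_h, facility, severity, msg);
    }

# Runs once at shutdown; if findSyslog is still F, no syslog_message event was raised,
# which means the analyzer never attached to the traffic in the trace.
event bro_done()
    {
    print fmt("findSyslog=%s syslog_count=%d last facility=%d",
              findSyslog, syslog_count, gUsrID);
    }
```

If the summary shows findSyslog=F on a trace you know contains syslog, confirm first that the trace really carries syslog on the port the base script registers (514/udp) before suspecting the handler itself; in bare mode nothing else is loaded, so the @load line above is the only thing wiring the analyzer's port mapping into this script.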