[Bro] report log for error message

Zhai, Jim (MGS) Jim.Zhai at ontario.ca
Fri Aug 8 05:56:20 PDT 2014


Great Thanks,
-Jim 

-----Original Message-----
From: Hosom, Stephen M [mailto:hosom at battelle.org] 
Sent: August-08-14 8:55 AM
To: Zhai, Jim (MGS); bro at bro.org
Subject: RE: report log for error message

Jim, 

It's normally best to prevent these errors by checking to determine if the value exists before using it. 

For example:

	if ( c$smtp?$from )
		## do stuff

Lots of errors within Bro scripts can cause some pretty interesting problems with your cluster.

-----Original Message-----
From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Zhai, Jim (MGS)
Sent: Friday, August 08, 2014 8:51 AM
To: bro at bro.org
Subject: [Bro] report log for error message

Got a lot of ERROR in report log for the smtp.  "....Reporter::ERROR	field value missing [SMTPurl::c$smtp$from]	....." Is that some way to ignore this record?

-Jim

_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro




More information about the Bro mailing list