[Bro] report log for error message
johanna at icir.org
Fri Aug 8 05:56:40 PDT 2014
In your scripts, you can (and should) check the existence of optional
values (like from in smtp) using the ?$ operator.
In this case, if c$smtp?$from returns true, the field is set and you can
On 8 Aug 2014, at 5:51, Zhai, Jim (MGS) wrote:
> Got a lot of ERROR in report log for the smtp.
> "....Reporter::ERROR field value missing [SMTPurl::c$smtp$from] ....."
> Is there some way to ignore this record?
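
Added example, not part of the original thread or of anyone's posted script: one way to guard access to the optional `from` field with `?$` so the reporter no longer logs "field value missing". The helper name `safe_from`, the placeholder strings, and the choice of the `mime_end_entity` event are assumptions made for illustration.

```bro
# Added illustration; not code from the thread.
@load base/protocols/smtp

# Hypothetical helper: return the From header when it is set, otherwise a
# placeholder, so callers never dereference an unset optional field.
function safe_from(c: connection): string
    {
    # c$smtp is itself optional: it only exists on SMTP connections.
    if ( ! c?$smtp )
        return "<no-smtp-state>";

    # from is optional: it stays unset until a From header has been seen.
    if ( ! c$smtp?$from )
        return "<no-from-header>";

    return c$smtp$from;
    }

# Assumed handler for the example; apply the same guard in whichever
# event the failing script accesses c$smtp$from.
event mime_end_entity(c: connection)
    {
    print fmt("%s From=%s", c$uid, safe_from(c));
    }
```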