[Bro] report log for error message

Johanna Amann johanna at icir.org
Fri Aug 8 05:56:40 PDT 2014


In your scripts, you can (and should) check the existence of optional 
values (like from in smtp) using the ?$ operator.

In this case, if c$smtp?$from returns true, the field is set and you can 
access it.

Johanna

On 8 Aug 2014, at 5:51, Zhai, Jim (MGS) wrote:

> Got a lot of ERROR in report log for the smtp.  
> "....Reporter::ERROR	field value missing [SMTPurl::c$smtp$from]	....." 
> Is that some way to ignore this record?
>
> -Jim
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



More information about the Bro mailing list