[Bro] Error with a custom protocol decoder which returns an event with record type object
Emmanuel.TORQUATO at monext.net
Tue Mar 10 09:28:29 PDT 2015
Thanks Seth, it's ok after adding my new type in my init-bare.bro file. It was the missing step !
T. +33 4 42 25 15 51
emmanuel.torquato at monext.net
Merci de penser à l'environnement avant d'imprimer ce message.
Please consider the environment before printing this email.
De : Seth Hall [mailto:seth at icir.org]
Envoyé : mardi 10 mars 2015 06:27
À : Emmanuel TORQUATO
Cc : bro at bro.org
Objet : Re: [Bro] Error with a custom protocol decoder which returns an event with record type object
> On Mar 9, 2015, at 9:09 AM, Emmanuel TORQUATO <Emmanuel.TORQUATO at monext.net> wrote:
> type CBCOM::Message: record;
> Anyone who has an idea or who has worked on the radius decoder could help me ?
You probably just haven’t defined the structure of that record in a Bro script. Built in analyzers at the moment have their script land definitions provided in init-base.bro (for the most part), but if you are writing your analyzer as an external plugin (if you’re working with git master) you can provide the definition in a script shipped with the plugin.
International Computer Science Institute
(Bro) because everyone has a network
More information about the Bro