[Bro] Field value missing

Javier Richard Quinto Ancieta richardqa at gmail.com
Sun Mar 29 20:55:44 PDT 2015

Greetings all,

I am new to Bro, and I hope you can help me.

I read the following  documentation:

Exactly, this part of the code:

hook Notice::policy(n: Notice::Info)
( n$note == SSH::Password_Guessing  && n$id$resp_h ==
    add  n$actions[Notice::ACTION_EMAIL];

And write it in the file ../local.bro

But, when I generate an attack to IP (, and I got an error:  "*field
value missing [n$id]*" .

I use  *bro -i eth0 local *to debug logs in live

I did many changes, also I use "$id?$resp_h" to check errors, and i got the
same error. I am sorry but I am new with Bro and I would like to know How
can I fix that?.

Thank you

Saludos Cordiales
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150330/5df6bd42/attachment.html 

More information about the Bro mailing list