[Bro] Intel framework troubleshooting on Bro 2.5
hovsep.sanjay.levi at gmail.com
Fri Oct 7 09:43:46 PDT 2016
Nothing stands out. Looking at base/frameworks/intel/input.bro is there a
way to hook Input::add_event and have those events written to a log file ?
I tried moving a new intel file into place but didn't notice anything in
reporter.log or stderr.
ex: cp master-public.bro.dat master-public.bro.dat.new && mv
On Fri, Oct 7, 2016 at 4:03 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
> > On Oct 7, 2016, at 11:56 AM, Hovsep Levi <hovsep.sanjay.levi at gmail.com>
> > Are there any tricks to use when debugging the Intel framework that
> would show parsing errors ?
> First step would be to check reporter.log and stderr.log on the manager.
> - Justin Azoff
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro