[Bro] Startup cleanup

Aashish Sharma asharma at lbl.gov
Thu Aug 24 10:15:16 PDT 2017


> Broxygen comment" lines.  That basically just means someone (Aashish!) used
( I knew had to be me involved somewhere - apologies )

I think Broxygen pointing to intel-framework is merely an artifact. Issue is you
are running smtp-embedded-urls-bloom.bro where I have "##" in comments and
broxygen doesn't like it. (this script is rather quite old version)

I believe have cleaned up code here:

https://github.com/initconf/smtp-analysis

I'll send a followup email in a little bit with a link to more latest stuff.
Just want ot make sure its cleaned up before I share the link with you. 

Aashish 


On Thu, Aug 24, 2017 at 11:18:56AM -0500, Mike Dopheide wrote:
> Not sure about that end bit, but you can ignore all the "extraneous
> Broxygen comment" lines.  That basically just means someone (Aashish!) used
> two ##'s to start a comment.  It's a habit I have as well so I see those
> all the time.
> 
> -Dop
> 
> On Thu, Aug 24, 2017 at 10:56 AM, James Lay <jlay at slave-tothe-box.net>
> wrote:
> 
> > So here's my startup line and standard output
> >
> > sudo /usr/local/bro/bin/bro -C -i eth0 -i eth1 --filter 'not ((host
> > x.x.x.x and net 192.168.1.0/24) and (tcp port <snip> or tcp port <snip>
> > )) and not ip6' local "Site::local_nets += { x.x.x.x/32,192.168.1.0/24
> > }"
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
> > 1: Discarded extraneous Broxygen comment: check link in mail_links
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
> > 1: Discarded extraneous Broxygen comment: for
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
> > 1: Discarded extraneous Broxygen comment:  print fmt ("log_mine
> > Log_mime: %s", rec);
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
> > 1: Discarded extraneous Broxygen comment: aashish: need to port to file
> > analysis framework
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /conn-established.bro,
> > line 1: Discarded extraneous Broxygen comment: check link in mail_links
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /conn-established.bro,
> > line 1: Discarded extraneous Broxygen comment: for
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /conn-established.bro,
> > line 1: Discarded extraneous Broxygen comment:        print fmt
> > ("log_mine Log_mime: %s", rec);
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /conn-established.bro,
> > line 1: Discarded extraneous Broxygen comment: aashish: need to port to
> > file analysis framework
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /conn-established.bro,
> > line 1: Discarded extraneous Broxygen comment: check link in mail_links
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /conn-established.bro,
> > line 1: Discarded extraneous Broxygen comment: for
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /conn-established.bro,
> > line 1: Discarded extraneous Broxygen comment:        print fmt
> > ("log_mine Log_mime: %s", rec);
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /conn-established.bro,
> > line 1: Discarded extraneous Broxygen comment: aashish: need to port to
> > file analysis framework
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /./where-locations.bro,
> > line 1: Discarded extraneous Broxygen comment: check link in mail_links
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /./where-locations.bro,
> > line 1: Discarded extraneous Broxygen comment: for
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /./where-locations.bro,
> > line 1: Discarded extraneous Broxygen comment:       print fmt
> > ("log_mine Log_mime: %s", rec);
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /./where-locations.bro,
> > line 1: Discarded extraneous Broxygen comment: aashish: need to port to
> > file analysis framework
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /./where-locations.bro,
> > line 1: Discarded extraneous Broxygen comment: check link in mail_links
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /./where-locations.bro,
> > line 1: Discarded extraneous Broxygen comment: for
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /./where-locations.bro,
> > line 1: Discarded extraneous Broxygen comment:       print fmt
> > ("log_mine Log_mime: %s", rec);
> > internal warning in
> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> > /./where-locations.bro,
> > line 1: Discarded extraneous Broxygen comment: aashish: need to port to
> > file analysis framework
> > <params>, line 1: listening on eth0
> >
> > <params>, line 1: listening on eth1
> >
> > 1503589314.254774 error in <params>, line 1: Bad IP address: 5
> > 1503589314.254774 error in <params>, line 1: Bad IP address: 6
> > 1503589314.254774 error in <params>, line 1: Bad IP address: 1
> >
> > Anything I need to be concerned about here?  Thank you.
> >
> > James
> > _______________________________________________
> > Bro mailing list
> > bro at bro-ids.org
> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> >

> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro



More information about the Bro mailing list