[Bro] Intel alerts not showing up in the notice log
dave.a.florek at gmail.com
Thu May 4 11:07:04 PDT 2017
Thanks for the response. I'm still not seeing the Intel.log entries show up
in my notice.log. I confirmed I have the @load
and @load frameworks/intel/seen in my local.bro file and the 'T' switch set
on my DAT file entries. I'm not sure what to try next.
> Date: Tue, 2 May 2017 16:06:37 -0500
> From: Mike Dopheide <dopheide at gmail.com>
> Subject: Re: [Bro] Intel alerts not showing up in the notice log
> To: Dave Florek <dave.a.florek at gmail.com>
> Cc: "bro at bro.org" <bro at bro.org>
> I haven't read the whole thread, but you may need:
> @load policy/frameworks/intel/do_notice
> As well as have "meta.do_notice" set to T in your .dat files.
>> On Tue, May 2, 2017 at 3:36 PM, Dave Florek <dave.a.florek at gmail.com>
>> Good afternoon,
>> Was there a resolution to this thread? I'm having the same issue on a
>> default build and I'm not sure where to start.
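A check for the two settings discussed in this thread, as an added example that is not part of the original messages or of Bro itself: it looks for active (not commented-out) `@load` lines and verifies that each intel file row is tab-separated with `meta.do_notice` set to `T`. The function names and sample data are constructed for illustration, and the code assumes the Intel framework's usual tab-separated `#fields` header.

```python
import re

NEEDED_LOADS = ("frameworks/intel/seen", "frameworks/intel/do_notice")
REQUIRED = ("indicator", "indicator_type", "meta.source", "meta.do_notice")

def missing_loads(local_bro_text):
    """Return the needed scripts that have no active @load line."""
    loaded = set()
    for line in local_bro_text.splitlines():
        # A leading '#' makes the line a comment, so it does not match here.
        m = re.match(r"\s*@load\s+(?:policy/)?(\S+)", line)
        if m:
            loaded.add(m.group(1))
    return [s for s in NEEDED_LOADS if s not in loaded]

def check_intel_dat(text):
    """Return (line_number, problem) pairs for one intel file's contents."""
    lines = text.splitlines()
    if not lines or not lines[0].startswith("#fields\t"):
        return [(1, "first line must be a tab-separated '#fields' header")]
    fields = lines[0].split("\t")[1:]
    missing = [f for f in REQUIRED if f not in fields]
    if missing:
        return [(1, "header lacks column(s): " + ", ".join(missing))]
    col = fields.index("meta.do_notice")
    problems = []
    for n, line in enumerate(lines[1:], start=2):
        if not line.strip() or line.startswith("#"):
            continue
        values = line.split("\t")
        if len(values) != len(fields):  # spaces instead of tabs end up here
            problems.append((n, f"expected {len(fields)} tab-separated values, found {len(values)}"))
        elif values[col] != "T":
            problems.append((n, f"meta.do_notice is {values[col]!r}, not 'T'"))
    return problems

# Constructed sample input (documentation addresses, made-up feed name).
SAMPLE_DAT = (
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.do_notice\n"
    "192.0.2.10\tIntel::ADDR\texample-feed\tT\n"
    "bad.example.com\tIntel::DOMAIN\texample-feed\tF\n"
    "198.51.100.7 Intel::ADDR example-feed T\n"
)
SAMPLE_LOCAL = "@load frameworks/intel/seen\n# @load policy/frameworks/intel/do_notice\n"

if __name__ == "__main__":
    print("missing @load:", missing_loads(SAMPLE_LOCAL))
    print("intel file problems:", check_intel_dat(SAMPLE_DAT))
```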