[Bro-Dev] BiF parsing index types
Robin Sommer
robin at icir.org
Tue May 17 21:01:00 PDT 2011
On Tue, May 17, 2011 at 11:16 -0400, you wrote:
> I wasn't aware of being able to specify and print a single variable
> from bro, as you did above, but ecstatic about how much easier that
> will make things when troubleshooting.
Are you aware of broctl's "print" command? That shows you the value of
variable at runtime. Try running that with
"okay_to_lookup_sensitive_hosts" to see if the broctl configuration
gets it right.
> /usr/local/bro/share/bro/scan.bro, line 117: internal error: NB-DNS
> error in DNS_Mgr::WaitForReplies (ns_initparse(): Message too long)
> Abort trap: 6 (core dumped)
These kind of errors usually indicate trouble with the system's DNS
setup. However, I don't think I've ever seen the "message too long"
message.
Robin
--
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
More information about the bro-dev
mailing list