Bro signatures parse error?

wangliejun wangliejun at nsfocus.com
Sat Sep 13 01:22:09 PDT 2003


Hi all,

I compiled Bro 0.8a34 & 0.8a20 on a FreeBSD 4.5 box. When I launch Bro with the shipped signatures, I get a parse error. Has anyone else encountered the same problem?

For the 0.8a34 package:
[root@ /root/source/bro-pub-0.8a34]> uname -a
FreeBSD FreeBSD_4_5 4.5-RELEASE FreeBSD 4.5-RELEASE #0: Mon Jan 28 14:31:56 GMT 2002     murray at builder.freebsdmall.com:/usr/src/sys/compile/GENERIC  i386
[root@ /root/source/bro-pub-0.8a34]> ls *.bro
sig.ex.ssl-worm.bro     sig.ex.web-rules.bro
[root@ /root/source/bro-pub-0.8a34]> ./bro -F -i lnc0 -s sig.ex.web-rules.bro -S mt
Error in signature (sig.ex.web-rules.bro:8): parse error
[root@ /root/source/bro-pub-0.8a34]> ./bro -F -i lnc0 -s sig.ex.ssl-worm.bro -S mt
Error in signature (sig.ex.ssl-worm.bro:10): parse error

For the 0.8a20 package, sig.ex.web-rules.bro can be correctly handled, but sig.ex.ssl-worm.bro also has a parse error:
[root@ /root/source/bro-pub-0.8a34]> cd ../bro-pub-0.8a20
[root@ /root/source/bro-pub-0.8a20]> ./bro -F -i lnc0 -s sig.ex.web-rules.bro  mt
listening on lnc0
^C1063411972.838423 received termination signal
14 packets received on interface lnc0, 0 dropped
1063411972.663260 ? telnet ? 19 192.168.7.133 192.168.7.10 OTH X
[root@ /root/source/bro-pub-0.8a20]> ./bro -F -i lnc0 -s sig.ex.ssl-worm.bro -S mt
Error in rule (line 11): unknown identifier
Error in rule (line 19): unknown identifier
Error in rule (line 27): unknown identifier

I also compiled Bro on a RedHat 7.1 box and got the same error. Any hints or suggestions are welcome!

best regards
Wang



