[Bro] a odd problem
Cliff
zhangwei at comexgenesys.com
Sat Sep 18 00:07:36 PDT 2004
Hi Vern,
I ran the following command, without setting the "-w" switch, and it still generated the output.
So I feel very confused.
[cliff at oradata bro-pub-0.9a3]$ ./bro mt -i eth0
input in flex scanner failed
[cliff at oradata bro-pub-0.9a3]$ ./bro -i eth0 mt
input in flex scanner failed
mt.bro is as follows:
# $Id: mt.bro,v 1.1.1.1 2004/04/30 00:31:28 jason Exp $
@load log
@load dns-lookup
@load hot
@load frag
@load tcp
@load scan
@load weird
@load finger
@load ident
@load ftp
@load login
@load portmapper
@load ntp
@load tftp
Thanks,
Cliff
----- Original Message -----
From: "Vern Paxson" <vern at icir.org>
To: "Cliff" <zhangwei at comexgenesys.com>
Cc: <bro at bro-ids.org>
Sent: Friday, September 17, 2004 10:56 PM
Subject: Re: [Bro] a odd problem
> > I encounter an odd problem when I run *bro* today.
> >
> > # ./bro my -w /home/zw/bro09171617.dump
>
> Flags need to come before policy scripts. It's interpreting "-w" and
> "/home/zw/bro09171617.dump" as scripts to interpret. I would've expected
> it to stop by saying "error: can't open -w" (that's what it does for me),
> unless you happen to have a file "-w" in your Bro searchpath. Do you
> have such a file? Can you send me the tcpdump trace file, so I can see
> if I can reproduce this?
>
> Vern