[Bro] how to add new event to Bro
Aashish Sharma
aashish at uiuc.edu
Wed Apr 6 14:49:10 PDT 2005
Your second question :
I think due to interdependency of signature related policy files they all need to be loaded or (not loaded) together.
You need to define use_signatures variable in ../policy/brolite.bro as T (true) for enabling all the signature related policy files to be loaded.
Aashish Sharma
On Wed, Apr 06, 2005 at 05:16:26PM -0400, bchen at cs.ucf.edu wrote:
> Another problem I met when I tried to run Bro (./bro.rc --start) in Fedora 3.
> Success message was displayed on the screen. But when I check the status, it is
> not running. After I tried to run Bro again, the following error message
> appears:
> =============================================================================
> [root at localhost etc]# ./bro.rc --start
> bro.rc: Running as non-root user root
> bro.rc: Starting .........Warning: bad syntax, perhaps a bogus '-'? See
> /usr/share/doc/procps-3.2.3/FAQ
> bro.rc: Failed to start Bro
> Error in signature (signatures:1803): unknown identifier (dataSizeG100)
> Error in signature (signatures:1815): unknown identifier (dataSizeG100)
> Error in signature (signatures:1838): unknown identifier (dataSizeG100)
> Error in signature (signatures:1850): unknown identifier (dataSizeG100)
> ...................
> .... FAILED
> =============================================================================
>
> I then comment out the following statements in my locat site, Bro works
> properly.
>
> redef signature_files += "sig-addendum";
> redef signature_files += "signatures";
>
> Does anyone know what's this problem?
>
> thanks for your time
>
> Bing
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
More information about the Bro
mailing list