[Bro] Unable to debug policies

Fabian Hensel irdeto at gmail.com
Mon Nov 19 03:45:15 PST 2007


Hi

I am trying to debug policy files with the -d parameter (version
1.3.2). When I try to enter any debug command ("b
connection_established" in the example), it gets misinterpreted and I
get output similar to this:

root at idsvmifi:/home/irdeto98/bro-1.3.2/out# bin/bro -i eth0 -d brolite
Policy file debugging ON.
listening on eth0
In bro_init() at policy/pcap.bro:99
99              update_default_pcap_filter();
(Bro [0]) b connection_established
Breakpoint 1 set at policy/pcap.bro:99
Ambiguous command; could be
        continue
        cond
No Matching command for 'nn'.
No Matching command for 'ec'.
No Matching command for 'ti'.
No Matching command for 'on'.
No Matching command for '_e'.
In update_default_pcap_filter() at policy/pcap.bro:86
86              default_pcap_filter = build_default_pcap_filter();
No Matching command for 'ab'.
82      global default_pcap_filter = "<not set>";
83
84      function update_default_pcap_filter()
85              {
86              default_pcap_filter = build_default_pcap_filter();
87
88              if ( ! precompile_pcap_filter(DefaultPcapFilter,
default_pcap_filter) )
89                       {
90                       print fmt("can't compile filter %s",
default_pcap_filter);
91                       exit();
No Matching command for 'sh'.
No Matching command for 'ed'.
Ambiguous command; could be
        help
        quit
        next
        s
        c
        finish
        b
        cond
        d
        clear
        dis
        enable
        ignore
        set
        where
        frame
        up
        down
        info
        l
        display
        undisplay
        trace
(Bro [1]) (Bro [2]) (Bro [3]) (Bro [4]) (Bro [5]) (Bro [6]) (Bro [7])
(Bro [8]) (Bro [9]) (Bro [10]) (Bro [11]) (Bro [12]) (Bro [13])

Running on Ubuntu 7.10. Anyone have an idea what is wrong? My
suspicion is something with termcap/ncurses...

Regards - Fabian


