[Bro] ignoring ContentGap and friends
rmkml
rmkml at free.fr
Mon Dec 8 10:36:10 PST 2008
Hi,
maybe add `Weird::`, example:
Weird::WeirdActivity, Weird::ContentGap = ignore_notice,
Regards
Rmkml
Crusoe-Researches.com
On Mon, 8 Dec 2008, 0100 wrote:
> Date: Mon, 8 Dec 2008 12:09:15 -0800
> From: 0100 <suroot at gmail.com>
> To: bro at ICSI.Berkeley.EDU
> Subject: [Bro] ignoring ContentGap and friends
>
> Hi.
>
> New to bro so this is probably a dumb question.
>
> I'm following the instructions here (http://www.bro-ids.org/wiki/index.php/User_Manual:_Customizing_Bro) on how to squelch the ContentGap and various other
> messages. Here's my config file:
>
> @load bittorrent
> @load bt-tracker
>
> redef notice_action_filters += {
> WeirdActivity, ContentGap = ignore_notice,
> };
>
> When I run this, I get:
>
> Line 6: error: unknown identifier WeirdActivity, at or near "WeirdActivity"
>
> I couldn't figure out if these have been renamed or what?
>
> Thanks for the help...
>
> 0100
>
>
More information about the Bro
mailing list