[Bro] ignoring ContentGap and friends
0100
suroot at gmail.com
Mon Dec 8 13:24:41 PST 2008
Thanks all.
So the good news is that it seems to have found the referenced variables,
but they are creating a type error in the notice_action_filters table:
notice.bro, line 6 and /usr/local/bro/policy/notice.bro, lines 74-75
(enum and table[enum] of function(n:record { note:enum; msg:string;
sub:string; conn:record { id:record { orig_h:addr; orig_p:port; resp_h:addr;
resp_p:port; }; orig:record { size:count; state:count; }; resp:record {
size:count; state:count; }; start_time:time; duration:interval;
service:set[string]; addl:string; hot:count; history:string; }; iconn:record
{ orig_h:addr; resp_h:addr; itype:count; icode:count; len:count; };
id:record { orig_h:addr; orig_p:port; resp_h:addr; resp_p:port; }; src:addr;
dst:addr; p:port; user:string; filename:string; method:string; URL:string;
n:count; src_peer:record { id:count; host:addr; p:port; is_local:bool;
descr:string; class:string; }; tag:string; dropped:bool; captured:string; };
a:enum;) : enum): error, type clash in table initializer
Thoughts? Does this enum need to be updated somewhere?
0100
On Mon, Dec 8, 2008 at 12:56 PM, Robin Sommer <robin at icir.org> wrote:
>
> On Mon, Dec 08, 2008 at 12:09 -0800, 0100 wrote:
>
>
> > http://www.bro-ids.org/wiki/index.php/User_Manual:_Customizing_Bro) on
> how
>
> You're likely using a newer version than this was written for (as it
> seems you already guessed). The variables from weird.bro are now in
> a namespace Weird so you should write Weird::WeirdActivity etc. (and
> also @load weird).
>
> Robin
>
> --
> Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
> ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20081208/e9f22a9b/attachment.html
More information about the Bro
mailing list