[Bro] many error with bro policy
Lorenzo Cavallaro
sullivan at cs.ucsb.edu
Wed Jul 16 11:53:53 PDT 2008
Hi,
On Wed, Jul 16, 2008 at 02:50:50PM +0000, Paolo Tironi wrote:
> Hi, I've some problems using bro (offline). When I set a policy on bro to
> scan a dump file it happens I have this warnings:
>
> /usr/local/bro/policy//scan.bro, line 92: warning: no such host:
> j5004.inktomisearch.com
[snip]
These hosts don't exist anymore (well, DNS entries for them seem to
not exist anymore). I solved it by just commenting those lines
(anyway it was just a warning saying it couldn't resolve that host).
> Everytime I have this warnings I have also some errors like:
>
> /usr/local/bro/policy//ftp.bro, line 48: run-time error: error compiling
> pattern /(^?.*(.*\.rhosts))|(^?.*(.*\.forward))/
I guess Robin already pointed you out to
http://www.bro-ids.org/wiki/index.php/%22Error_compiling_pattern%22
What version of Bro are you using (here, I've Bro-1.2.1 stable on
GNU/Linux Ubuntu 8.04)?
bye,
Lorenzo
--
Lorenzo `Gigi Sullivan' Cavallaro <sullivan at cs.ucsb.edu>
GPG key at http://security.dico.unimi.it/~sullivan/sullivan.asc
Until I loved, life had no beauty;
I did not know I lived until I had loved. (Theodor Korner)
See the reality in your eyes, when the hate makes you blind. (A.H.X)
More information about the Bro
mailing list