[Bro] Ignore Weird Events???
Adriel Desautels
adriel at netragard.com
Wed Jun 4 18:27:55 PDT 2008
Curous, same problem:
Attempt to execute.
zerosum# /usr/local/bro/scripts/bro.rc start
bro.rc: Starting ..........bro.rc: Failed to start Bro
/usr/local/bro/site/zerosum.netragard.com.bro, line 12: error: unknown
identifier Weird::WeirdActivity, at or near "Weird::WeirdActivity"
... FAILED
zerosum#
CWD: /usr/local/bro/site/zerosum.netragard.com.bro
FreeBSD zerosum.netragard.com 6.2-RELEASE-p5 FreeBSD 6.2-RELEASE-p5 #1:
Thu Jul 12 12:10:58 EDT 2007
root at zerosum.netragard.com:/usr/obj/usr/src/sys/ZEROSUM i386
zerosum# more zerosum.netragard.com.bro
# This file should describe your network configuration.
# If your local network is a class C, and its network
# address was 192.168.1.0 and a class B network
# with address space 10.1.0.0.
# Then you would put 192.168.1.0/24 and 10.1.0.0/16 into
# this file, telling bro what your local networks are.
@load site
@load weird
redef notice_action_filters += {
[Weird::WeirdActivity] = ignore_notice,
};
redef local_nets: set[subnet] = {
# example of a class C network
192.168.1.0/24,
# example of a class B network
172.16.15.0/24
};
zerosum#
Regards,
Adriel T. Desautels
Chief Technology Officer
Netragard, LLC.
Office : 617-934-0269
Mobile : 617-633-3821
http://www.linkedin.com/pub/1/118/a45
Join the Netragard, LLC. Linked In Group:
http://www.linkedin.com/e/gis/48683/0B98E1705142
---------------------------------------------------------------
Netragard, LLC - http://www.netragard.com - "We make IT Safe"
Penetration Testing, Vulnerability Assessments, Website Security
Netragard Whitepaper Downloads:
-------------------------------
Choosing the right provider : http://tinyurl.com/2ahk3j
Three Things you must know : http://tinyurl.com/26pjsn
Vern Paxson wrote:
>> I do not have a local.lite.bro file, where's it at?
>
> If you don't, then presumably you're not editing local.site.bro, and
> my original concern doesn't matter.
>
> Vern
-------------- next part --------------
A non-text attachment was scrubbed...
Name: adriel.vcf
Type: text/x-vcard
Size: 298 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20080604/b0937cc8/attachment.vcf
More information about the Bro
mailing list