[Bro] Policy debug
Vern Paxson
vern at icir.org
Sun Sep 21 13:04:44 PDT 2008
> The cmd line is : src/bro -d -r (pcap) http_lite.bro
What is http_lite.bro?
In particular, the problem you are running into sounds like the packet-capture
filter isn't set to a value that matches the traffic you want to analyze.
You can see what the filter is by adding print-filter.bro to your command
line, which will cause Bro to print the filter and exit.
Also note that the interactive debugger (-d) has not been maintained for
a while and has some significant problems :-(, so unfortunately you shouldn't
trust it for tracking down script bugs.
Vern
More information about the Bro
mailing list