[Bro] modifying bro.init
Seth Hall
hall.692 at osu.edu
Wed Feb 3 20:03:54 PST 2010
On Feb 3, 2010, at 9:55 PM, daniela.miao at utoronto.ca wrote:
> Thanks for your help before. I found that the DNS parser was giving me
> trouble due to many of the IP checksum errors. I don't really care
> much about these errors anyways.
Ah, that trips up everyone eventually I think. :)
> I understand the boolean value of ignore_checksum is set to False in
> bro.init, do I just modify this file?
Nope, you don't modify the bro.init script. See below.
> I apologize if the issue seems trivial, I'm just starting to get the
> hang of the language.
You have two options.
Either in a script you write and load on the command line...
redef ignore_checksum=T;
or run Bro this way....
bro -r test.pcap dns ignore_checksum=T
Feel free to ask more questions!
.Seth
---
Seth Hall
Network Security - Office of the CIO
The Ohio State University
Phone: 614-292-9721
More information about the Bro
mailing list