[Bro] Hui Lin_Enable Protocol Analyzer in Bro bare mode
Hui Lin (Hugo)
hlin33 at illinois.edu
Mon Jun 25 13:44:37 PDT 2012
Actually it is quite simple. This is my syslog_message event handler.

@load frameworks/communication/listen
....
# The two globals referenced below (declared as described in the text).
global gUsrID: count;
global findSyslog: bool = F;

event syslog_message(c: connection, facility: count, severity: count, msg: string)
	{
	# Remember the facility of the last syslog message seen and flag that one arrived.
	gUsrID = facility;
	print fmt("syslog %d", facility);
	findSyslog = T;
	}
gUsrID and findSyslog are two global variables.
I am not sure why it is not executing. I did not see any print on the console.
Best,
Hui
On Mon, Jun 25, 2012 at 3:39 PM, Seth Hall <seth at icir.org> wrote:
>
> On Jun 25, 2012, at 4:34 PM, Hui Lin (Hugo) wrote:
>
> > I would also like to use a Syslog analyzer to analyze the syslog_message event. I
> define the syslog_message event handler in my own script, but this event handler is not
> executed under bare mode. I am wondering what scripts should be loaded to
> enable the Syslog analyzer.
>
> It's enabled by default. Can you show the code you are using that isn't
> working?
>
> .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/