[Bro] Bro and unusual http ports
Castle, Shane
scastle at bouldercounty.org
Tue Nov 20 12:25:19 PST 2012
I was putting this in site/local.bro. If I use the "add" expression, I get this sort of error message:
error in /usr/local/share/bro/policy/misc/loaded-scripts.bro, line 3: syntax error, at or near "module"
The name of the script is determined by whatever is "@load"ed after the occurrence of the "add". In the above, I put as first in local.bro. If I put it in last, I get
error in /usr/local/share/bro/policy/frameworks/control/controllee.bro, line 15: syntax error, at or near "module"
Of course, these are generated by "broctl check".
--
Shane Castle
Data Security Mgr, Boulder County IT
-----Original Message-----
From: Seth Hall [mailto:seth at icir.org]
Sent: Tuesday, November 20, 2012 11:46
To: Castle, Shane
Cc: bro at bro-ids.org List
Subject: Re: [Bro] Bro and unusual http ports
On Nov 20, 2012, at 1:27 PM, "Castle, Shane" <scastle at bouldercounty.org> wrote:
> This is giving me no joy on Bro 2.0, which barfs on seeing the "add" expression. When I try to emulate what base/protocols/http/main.bro does with
You need to make sure that add statement is outside of any event handler. Are you putting it in a bro_init event handler? (it helps if you give us the error message you got when something didn't work) :)
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the Bro
mailing list