[Bro] Bro Error: fatal error in <no location>: Val::CONVERTER(string/record)

(peter) 45070198 at qq.com
Tue Apr 15 06:28:30 PDT 2014


Hi vladg,

Thank you very much. I modified the code following your direction, and it works now.

The code that works well is here; maybe someone needs it :)

module POP3;

export {
        redef enum Log::ID += { LOG };

        # One log record per POP3 command; endpoint fields use Bro's
        # originator/responder naming.
        type Info: record {
                ts:      time     &log;
                orig_h:  addr     &log;
                orig_p:  port     &log;
                resp_h:  addr     &log;
                resp_p:  port     &log;
                command: string   &log;
                arg:     string   &log;
        };

        global log_pop: event(rec: Info);
}

redef record connection += {
        pop3:   Info &optional;
};

const ports = { 110/tcp };
redef likely_server_ports += { ports };

event bro_init() &priority=5
{
        Log::create_stream(POP3::LOG, [$columns=POP3::Info, $ev=log_pop]);
        Analyzer::register_for_ports(Analyzer::ANALYZER_POP3, ports);
}

function set_session(c: connection, command: string, arg: string): Info
{
        local l: Info;

        l$ts = network_time();
        l$orig_h = c$id$orig_h;
        l$orig_p = c$id$orig_p;
        l$resp_h = c$id$resp_h;
        l$resp_p = c$id$resp_p;

        l$command = command;
        l$arg = arg;

        return l;
}

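event pop3_request(c: connection, is_orig: bool, command: string, arg: string) &priority=5
{
        # Log::write() needs a record of the stream's $columns type (POP3::Info),
        # so fill out an Info record rather than passing the command string.
        local myinfo: Info;
        myinfo = set_session(c, command, arg);

        Log::write(POP3::LOG, myinfo);
}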



------------------ Original ------------------
From:  "Vlad Grigorescu";<vladg at cmu.edu>;
Date:  Tue, Apr 15, 2014 09:02 PM
To:  "(peter)"<45070198 at qq.com>; 
Cc:  "bro"<bro at bro.org>; 
Subject:  Re: [Bro] Bro Error: fatal error in <no location>: Val::CONVERTER(string/record)




On Apr 15, 2014, at 8:36 AM, (peter) <45070198 at qq.com> wrote:

> event pop3_request(c: connection, is_orig: bool, command: string, arg: string) &priority=5
> {
>     Log::write(LOG, command);
> }

Command needs to be an Info record. You're passing a string. You'll need to fill out an Info record and log that.

>     type Info: record {
>         ts:      time     &log;
>         src:     addr     &log;
>         srcport: port     &log;
>         dst:     addr     &log;
>         dstport: port     &log;
>     };  

Take a look at the other Bro scripts. This isn't a good Bro Info record. You're even using different terminology (Bro doesn't have the concept of a "source" or "destination" - it's "originator" and "responder.")

  --Vlad