[Bro] report log for error message

Hosom, Stephen M hosom at battelle.org
Fri Aug 8 05:55:08 PDT 2014


Jim, 

It's normally best to prevent these errors by checking to determine if the value exists before using it. 

For example:

	if ( c$smtp?$from )
		## do stuff

Lots of errors within Bro scripts can cause some pretty interesting problems with your cluster.

-----Original Message-----
From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Zhai, Jim (MGS)
Sent: Friday, August 08, 2014 8:51 AM
To: bro at bro.org
Subject: [Bro] report log for error message

Got a lot of ERROR in report log for the smtp.  "....Reporter::ERROR	field value missing [SMTPurl::c$smtp$from]	....." Is there some way to ignore this record?

-Jim
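
A fuller version of the existence check suggested in the reply, as an added example that is not part of the original thread and not the poster's SMTPurl script. The module name, the `sender_of` helper and the choice of the `mime_end_entity` event are assumptions made for illustration.

```bro
# Added example: hypothetical module, not the poster's SMTPurl script.
@load base/protocols/smtp

module SMTPGuardExample;

# Return a sender string without ever reading an unset optional field.
function sender_of(c: connection): string
	{
	# c$smtp is itself an optional field of the connection record.
	if ( ! c?$smtp )
		return "";

	# "From:" header; unset when the message carried no such header.
	if ( c$smtp?$from )
		return c$smtp$from;

	# Fall back to the envelope sender (MAIL FROM), which is also optional.
	if ( c$smtp?$mailfrom )
		return c$smtp$mailfrom;

	return "";
	}

event mime_end_entity(c: connection)
	{
	local sender = sender_of(c);

	# Nothing usable: skip this record instead of triggering
	# "field value missing" in the reporter log.
	if ( sender == "" )
		return;

	print fmt("%s sender=%s", c$uid, sender);
	}
```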
