[Bro] script working from cmd line but not from local.bro
Kellogg, Brian D (OLN)
bkellogg at dresser-rand.com
Thu Jan 2 15:13:49 PST 2014
I have a script I've been writing for a couple weeks that looks at every connection's total bytes. If the total bytes when the connection is removed from memory is over X bytes then raise a Bro notice. I have a global variable structure defined to keep track of internal hosts that have uploaded more than X bytes in a connection.
The script works find when running it from the command line. The notice.log is created with the custom notice entry. However when I run load this into Bro via the local.bro file the notice is never raised although Bro seems to start and run as it should. I hope I'm missing something really simply as that has been the case in most of the roadblocks I've run into so far. I'm using Elsa in SO to query for the custom Notice entry by simply querying for all notices.
I'm not exporting anything in the script as I do not need to reference anything in it from any other script; I think I'm understanding the export directive correctly.
Thanks for any help.
Thank you,
Brian
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20140102/45836bab/attachment.html
More information about the Bro
mailing list