[Bro] script working from cmd line but not from local.bro
Kellogg, Brian D (OLN)
bkellogg at dresser-rand.com
Fri Jan 3 12:04:49 PST 2014
I believe some of the problem is my formatting. I added some stuff back into the simpler script along with the changes that Justin recommended and had the same problem. I then went in and moved {} for the "if else" statements to their own lines like I see in the scripts that ship with Bro and then the script works. I haven't tried the entire more complex script yet, but I'll let this run and add to it over the weekend. Thanks for all the help and input.
Thank you,
Brian Kellogg
Security Analyst; IT Governance, Risk, and Compliance
500 Paul Clark Drive, Olean, NY 14760
T: (716) 375-3186 | F: (716) 375-3557
-----Original Message-----
From: Seth Hall [mailto:seth at icir.org]
Sent: Friday, January 03, 2014 9:08 AM
To: Kellogg, Brian D (OLN)
Cc: bro at bro.org
Subject: Re: [Bro] script working from cmd line but not from local.bro
On Jan 2, 2014, at 6:13 PM, "Kellogg, Brian D (OLN)" <bkellogg at dresser-rand.com> wrote:
> I have a script I've been writing for a couple weeks that looks at every connection's total bytes. If the total bytes when the connection is removed from memory is over X bytes then raise a Bro notice. I have a global variable structure defined to keep track of internal hosts that have uploaded more than X bytes in a connection.
Please post the script so we can review it.
Thanks,
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list