[Bro] Quick Notice question
James Lay
jlay at slave-tothe-box.net
Fri Jan 24 10:21:39 PST 2014
On 2014-01-24 09:48, Kellogg, Brian D (OLN) wrote:
> I've added a little more smarts to the script as I become more
> familiar with bro scripting. I'm simply amazed at the possibilities
> of Bro; thank you to those who have and continue to develop this
> awesome tool. I wish I had run across it five years ago. Attached is
> the current iteration. I'm trying to keep track of and alert on hosts
> that have multiple large upload events in a given time and any
> destination hosts that have seen multiple uploads over a given time.
> To disable the mail alerts just comment out the below. If any of my
> inline comments are unclear yell at me.
So I've completely removed and re-installed bro-2.2. Here's what I get
when I try and test the script:
[11:11:47 @analysis:~/brostuff/testbrofiles$] bro largeTx.bro
error in ./largeTx.bro, line 7: unrecognized character -
error in ./largeTx.bro, line 8: unrecognized character -
<redacted>
error in ./largeTx.bro, line 96: unrecognized character -
error in ./largeTx.bro, line 97: unrecognized character -
I've tried just downloading the file from email, copying and pasting as
text, and even getting rid of the tab control characters. The below
snippet works though:
event bro_init()
    {
    print "Hello World!";
    }
[11:15:15 @analysis:~/brostuff/testbrofiles$] bro helloworld.bro
Hello World!
If I copy the script to /usr/local/bro/share/bro/site, add it to
local.bro with "@load largeTx.bro", start broctl, install, then start, I
get a fail and diag shows the same as above.
Am I missing something obvious? Thank you.
James