[Bro] Binpac exception

Vlad Grigorescu vlad at grigorescu.org
Fri Jul 18 16:47:26 PDT 2014


Hi James,

Try adding this to your local.bro:

> event bro_init() {
>      Analyzer::disable_analyzer(Analyzer::ANALYZER_SYSLOG);
> }

This will disable the analyzer, while the code you tried will just disable
the syslog.log output.

Hope that helps,

  --Vlad


On Fri, Jul 18, 2014 at 6:51 PM, James Lay <jlay at slave-tothe-box.net> wrote:

> I added the below to remove syslog from getting logged in my local.bro,
> and I do not have a syslog.log as wanted:
>
> event bro_init()
>      {
>      Log::disable_stream(Syslog::LOG);
>      }
>
> However I am seeing a large amount of the below in weird.log:
>
>
> 1405648595.773644       Comss94xWJf5CHpgnl      10.1.2.72       54619
> 10.21.0.23      514     binpac exception: string mismatch at
> /bro-2.3/src/analyzer/protocol/syslog/syslog-protocol.pac:8:
> \x0aexpected pattern: "[[:digit:]]+"\x0aactual data: "syslog message
> here"   -       F       bro
>
>
> My start line:
>
> /usr/local/bin/bro --no-checksums -i eth0 local "Site::local_nets += {
> 192.168.1.0/24 }"
>
> Is there a way I can troubleshoot this?  Thank you.
>
> James
>
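To check whether the syslog analyzer is still raising these exceptions after the change suggested above, the weird.log entries can be tallied by .pac source file and destination. This is an added example, not part of the original thread; the column order is taken from the quoted weird.log entry and the sample rows are constructed.

```python
import re
from collections import Counter

# Column order of weird.log as it appears in the quoted entry (tab-separated).
FIELDS = ["ts", "uid", "orig_h", "orig_p", "resp_h", "resp_p",
          "name", "addl", "notice", "peer"]

# Matches "binpac exception: <kind> at <path>.pac:<line>: ..."
BINPAC_RE = re.compile(r"^binpac exception: .+? at (?P<pac>\S+\.pac):(?P<line>\d+):")

def summarize_binpac_weirds(lines):
    """Count binpac exceptions per (pac file, pac line, responder host, responder port)."""
    counts = Counter()
    for raw in lines:
        if not raw.strip() or raw.startswith("#"):   # skip log header lines
            continue
        cols = raw.rstrip("\n").split("\t")
        if len(cols) < len(FIELDS):                  # truncated or malformed row
            continue
        rec = dict(zip(FIELDS, cols))
        m = BINPAC_RE.match(rec["name"])
        if m:
            pac = m.group("pac").rsplit("/", 1)[-1]  # keep only the file name
            counts[(pac, int(m.group("line")), rec["resp_h"], rec["resp_p"])] += 1
    return counts

# Constructed sample rows modelled on the entry quoted in the thread.
_NAME = (r"binpac exception: string mismatch at "
         r"/bro-2.3/src/analyzer/protocol/syslog/syslog-protocol.pac:8: "
         r'\x0aexpected pattern: "[[:digit:]]+"\x0aactual data: "syslog message here"')
SAMPLE = [
    "#fields\t" + "\t".join(FIELDS),
    "\t".join(["1405648595.773644", "Comss94xWJf5CHpgnl", "10.1.2.72", "54619",
               "10.21.0.23", "514", _NAME, "-", "F", "bro"]),
    "\t".join(["1405648596.100000", "CconstructedUid01", "10.1.2.72", "54619",
               "10.21.0.23", "514", _NAME, "-", "F", "bro"]),
    "\t".join(["1405648597.200000", "CconstructedUid02", "10.1.2.72", "40000",
               "10.21.0.53", "53", "dns_unmatched_reply", "-", "F", "bro"]),
]

if __name__ == "__main__":
    for (pac, line, host, port), n in summarize_binpac_weirds(SAMPLE).most_common():
        print(f"{n:6d}  {pac}:{line}  ->  {host}:{port}")
```

Run against the real file by passing `open("weird.log")` instead of `SAMPLE`; a count that keeps growing for `syslog-protocol.pac` after a restart means the analyzer is still attached.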