[Bro] Notifications from Local.bro
Damon Rouse
damonrouse at gmail.com
Mon May 19 23:15:29 PDT 2014
Thanks, Bernhard.
I’m all good now… Looks like this one was removed too (got the same error): HTTP::Malware_Hash_Registry_Match
Is there a link to all the notice types somewhere for a beginner like me?
Thanks
Damon
On May 19, 2014, at 10:57 PM, Bernhard Amann <bernhard at ICSI.Berkeley.EDU> wrote:
> HTTP::Incorrect_File_Type was removed with an overhaul of the files framework even before 2.2, if I read the git commit log correctly. So - you probably just want to remove that one from your script.
>
> Bernhard
>
> On 19 May 2014, at 22:39, Damon Rouse wrote:
>
>> Here’s the output of the diag after I uncommented redef and restarted Bro. Not sure why it’s saying the HTTP::Incorrect_File_Type is an unknown identifier. Thanks for your help.
>>
>> Damon
>>
>> sudo broctl diag
>> waiting for lock ..... ok
>> [manager]
>>
>> Bro 2.2
>> Linux 3.2.0-61-generic
>>
>>
>> ==== No reporter.log
>>
>> ==== stderr.log
>> error in /nsm/bro/spool/installed-scripts-do-not-touch/site/local.bro, line 99: unknown identifier HTTP::Incorrect_File_Type, at or near "HTTP::Incorrect_File_Type"
>>
>> ==== stdout.log
>> unlimited
>> unlimited
>> unlimited
>>
>> ==== .cmdline
>> -U .status -p broctl -p broctl-live -p local -p manager local.bro broctl base/frameworks/cluster local-manager.bro broctl/auto
>>
>> ==== .env_vars
>> PATH=/opt/bro/bin:/opt/bro/share/broctl/scripts:/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
>> BROPATH=/nsm/bro/spool/installed-scripts-do-not-touch/site::/nsm/bro/spool/installed-scripts-do-not-touch/auto:/opt/bro/share/bro:/opt/bro/share/bro/policy:/opt/bro/share/bro/site
>> CLUSTER_NODE=manager
>>
>> ==== .status
>> TERMINATED [atexit]
>>
>> ==== No prof.log
>>
>> ==== No packet_filter.log
>>
>> ==== No loaded_scripts.log
>> On May 19, 2014, at 5:43 PM, Siwek, Jonathan Luke <jsiwek at illinois.edu> wrote:
>>
>>>
>>> On May 19, 2014, at 5:58 PM, Damon Rouse <damonrouse at gmail.com> wrote:
>>>
>>>> The error is: manager terminated immediately after starting; check output with "diag"
>>>>
>>>> Can you only have one redef statement in the local.bro file? Or did I make a mistake somewhere?
>>>
>>> More than one redef is fine. After the failed start, if you do `broctl diag`, it may give more of a clue as to what’s wrong. Can you share the output of that if you need more help interpreting the error?
>>>
>>> - Jon
>>
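
Added example, not part of the thread and not Bro's own tooling: a shell pre-flight check that lists the `Notice::Type` values declared in a script tree and flags notice types named in a `redef Notice::*_types` block of local.bro that are not declared there, which is the condition behind the `unknown identifier` error in the diag output above. The function names, the sample files and the use of `Notice::emailed_types` in the sample local.bro are assumptions made for the illustration.

```shell
# Print every Notice::Type value declared under script dir $1 as Module::Name.
# Assumption: the opening brace sits on the "redef enum" line.
list_notice_types() {
    find "$1" -name '*.bro' -exec awk '
        FNR == 1 { mod = "GLOBAL"; inenum = 0 }
        /^[ \t]*module[ \t]+/ { mod = $2; sub(/;.*/, "", mod) }
        /redef[ \t]+enum[ \t]+Notice::Type/ { inenum = 1; sub(/.*[{]/, "") }
        inenum {
            sub(/#.*/, ""); last = ($0 ~ /[}]/); sub(/[}].*/, "")
            n = split($0, part, ",")
            for (i = 1; i <= n; i++) {
                gsub(/[ \t]/, "", part[i])
                if (part[i] != "") print mod "::" part[i]
            }
            if (last) inenum = 0
        }' {} + | sort -u
}
# Print "LINE ID" for each Module::Name inside a "redef Notice::*_types" block of file $1.
referenced_notice_types() {
    awk '
        /^[ \t]*redef[ \t]+Notice::[a-z_]+_types/ { inset = 1 }
        inset {
            sub(/#.*/, ""); rest = $0
            while (match(rest, /[A-Za-z_][A-Za-z0-9_]*::[A-Za-z_][A-Za-z0-9_]*/)) {
                id = substr(rest, RSTART, RLENGTH)
                if (id !~ /^Notice::/) print NR, id
                rest = substr(rest, RSTART + RLENGTH)
            }
            if ($0 ~ /[}]/) inset = 0
        }' "$1"
}
# Print "FILE:LINE: unknown notice type ID" for IDs in $1 not declared under $2.
unknown_notice_types() {
    known=$(list_notice_types "$2")
    referenced_notice_types "$1" | while read -r lineno id; do
        printf '%s\n' "$known" | grep -qxF -- "$id" || echo "$1:$lineno: unknown notice type $id"
    done
}
# Constructed sample input (not the thread's real files), written to dir $1.
make_sample() {
    mkdir -p "$1/policy"
    printf '%s\n' 'module SSH;' 'export {' '    redef enum Notice::Type += {' \
        '        ## Constructed declaration.' '        Password_Guessing,' \
        '    };' '}' > "$1/policy/ssh.bro"
    printf '%s\n' '# redef Notice::emailed_types += { Old::Commented_Out };' \
        'redef Notice::emailed_types += {' '    HTTP::Incorrect_File_Type,' \
        '    HTTP::Malware_Hash_Registry_Match,' '    SSH::Password_Guessing,' '};' > "$1/local.bro"
}
# With two arguments (local.bro path, script dir) run the check directly.
if [ "$#" -eq 2 ]; then unknown_notice_types "$1" "$2"; fi
```

Run against the installed local.bro and a script directory from the BROPATH shown above (for example /opt/bro/share/bro), it prints one line per notice type that no script declares. A type declared only in a script that is never loaded still fails at startup, so a clean result is necessary but not sufficient.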