[Bro] Mal-dnssearch issue
Jon Schipp
jonschipp at gmail.com
Fri Oct 10 10:22:41 PDT 2014
Hello James,
Sorry, I've been really busy. Thanks for reporting, I'll look into it.
For any specific issue with the script you can create an issue on
GitHub and I'll take care of it :)
On Fri, Oct 10, 2014 at 9:44 AM, James Lay <jlay at slave-tothe-box.net> wrote:
> On 2014-10-09 15:48, James Lay wrote:
>> Hey again all,
>>
>> Got almost all the intel feeds that I'm looking to get save
>> one...malips. From:
>>
>> http://blog.bro.org/2014/01/intelligence-data-and-bro_4980.html
>>
>> I'm running:
>>
>> mal-dnssearch -M malips -p | mal-dns2bro -T ip -s malips > malips.intel
>>
>> However, the results look muffed:
>>
>> head malips.intel
>> #fields indicator indicator_type meta.source meta.url meta.do_notice meta.if_in
>> 100.42.5Intel::ADDR malips - F -
>> 103.14.1Intel::ADDR malips - F -
>> 103.19.8Intel::ADDR malips - F -
>>
>> The others all look fine. Again, am I missing a flag or something?
>> Thank you.
>>
>> James
>
> Some additional info shows that there's a carriage return after the
> IP...doing a :set list in vim shows:
>
> 100.42.50.110^M^IIntel::ADDR^Imalips^I-^IF^I-$
>
> None of the other .intel files show the ^M. Thanks all.
>
> James
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
--
Jon Schipp,
jonschipp.com, sickbits.net
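
A way to catch the symptom described in the thread before loading a feed, as an added example that is not part of the original messages or of mal-dnssearch: a small linter that strips stray carriage returns from a tab-separated intel file and rejects Intel::ADDR rows whose indicator is not a valid address. The names lint_intel and SAMPLE and the sample rows are constructed for illustration.

```python
import ipaddress

# Constructed sample reproducing the thread's symptom: a carriage return
# (\r, shown as ^M in vim) sits between the IP and the first tab.
SAMPLE = (
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.url"
    "\tmeta.do_notice\tmeta.if_in\n"
    "100.42.50.110\r\tIntel::ADDR\tmalips\t-\tF\t-\n"
    "192.0.2.10\tIntel::ADDR\tmalips\t-\tF\t-\n"
    "not-an-ip\tIntel::ADDR\tmalips\t-\tF\t-\n"
)


def lint_intel(text):
    """Return (cleaned_text, findings) for a tab-separated intel file."""
    findings, out, ncols = [], [], None
    # Split on "\n" only: str.splitlines() would also split on the stray
    # "\r" and hide the very defect this check is looking for.
    for lineno, line in enumerate(text.split("\n"), 1):
        if not line:
            continue
        if "\r" in line:
            findings.append((lineno, "carriage return removed"))
            line = line.replace("\r", "")
        if line.startswith("#fields"):
            ncols = len(line.split("\t")) - 1  # first token is "#fields"
            out.append(line)
            continue
        if line.startswith("#"):
            out.append(line)
            continue
        cols = line.split("\t")
        if ncols is not None and len(cols) != ncols:
            findings.append(
                (lineno, f"expected {ncols} columns, got {len(cols)}, line dropped"))
            continue
        if len(cols) > 1 and cols[1] == "Intel::ADDR":
            try:
                ipaddress.ip_address(cols[0])
            except ValueError:
                findings.append(
                    (lineno, f"invalid address {cols[0]!r}, line dropped"))
                continue
        out.append(line)
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    cleaned, findings = lint_intel(SAMPLE)
    for lineno, msg in findings:
        print(f"line {lineno}: {msg}")
```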