[Bro] Mal-dnssearch issue
James Lay
jlay at slave-tothe-box.net
Fri Oct 10 10:49:42 PDT 2014
On 2014-10-10 11:22, Jon Schipp wrote:
> Hello James,
>
> Sorry, I've been really busy. Thanks for reporting, I'll look into
> it.
> For any specific issue with the script you can create an issue on
> Github and I'll take care of it :)
>
> On Fri, Oct 10, 2014 at 9:44 AM, James Lay <jlay at slave-tothe-box.net>
> wrote:
>> On 2014-10-09 15:48, James Lay wrote:
>>> Hey again all,
>>>
>>> Got almost all the intel feeds that I'm looking to get save
>>> one...malips. From:
>>>
>>> http://blog.bro.org/2014/01/intelligence-data-and-bro_4980.html
>>>
>>> I'm running:
>>>
>>> mal-dnssearch -M malips -p | mal-dns2bro -T ip -s malips > malips.intel
>>>
>>> However, the results look muffed:
>>>
>>> head malips.intel
>>> #fields indicator indicator_type meta.source meta.url
>>> meta.do_notice meta.if_in
>>> 100.42.5Intel::ADDR malips - F -
>>> 103.14.1Intel::ADDR malips - F -
>>> 103.19.8Intel::ADDR malips - F -
>>>
>>> The others all look fine. Again, am I missing a flag or something?
>>> Thank you.
>>>
>>> James
>>
>> Some additional info shows that there's a carriage return after the
>> IP...doing a :set list in vim shows:
>>
>> 100.42.50.110^M^IIntel::ADDR^Imalips^I-^IF^I-$
>>
>> None of the other .intel files show the ^M. Thanks all.
>>
>> James
Did so, thanks Jon...I'll work with this off list.
James
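
A check for the symptom reported in this thread, as an added example that is not part of the original messages or of mal-dnssearch: it strips stray carriage returns from a tab-separated intel file and rejects rows whose field count or `Intel::ADDR` indicator is malformed. The function name `clean_intel` and the sample rows (other than the address quoted in the thread) are constructed for illustration.

```python
import ipaddress

# Constructed sample (tab-separated). Line 2 reproduces the symptom from the
# thread: a carriage return between the indicator and the first tab.
SAMPLE = (
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.url"
    "\tmeta.do_notice\tmeta.if_in\n"
    "100.42.50.110\r\tIntel::ADDR\tmalips\t-\tF\t-\n"
    "192.0.2.7\tIntel::ADDR\tmalips\t-\tF\t-\n"
    "not-an-ip\tIntel::ADDR\tmalips\t-\tF\t-\n"
)


def clean_intel(text):
    """Strip stray CRs and drop malformed rows.

    Returns (cleaned_text, problems); problems holds (line_no, message).
    When reading from disk, open the file with newline="" so Python does
    not turn a lone CR into a line break before this function sees it.
    """
    problems, out, expected = [], [], None
    for num, line in enumerate(text.split("\n"), start=1):
        if not line:
            continue
        if "\r" in line:
            problems.append((num, "carriage return removed"))
            line = line.replace("\r", "")
        fields = line.split("\t")
        if line.startswith("#"):
            if fields[0] == "#fields":
                expected = len(fields) - 1  # column names after the tag
            out.append(line)
            continue
        if expected is not None and len(fields) != expected:
            problems.append((num, f"expected {expected} fields, got {len(fields)}"))
            continue
        if len(fields) > 1 and fields[1] == "Intel::ADDR":
            try:
                ipaddress.ip_address(fields[0])
            except ValueError:
                problems.append((num, f"invalid address {fields[0]!r}"))
                continue
        out.append(line)
    return "\n".join(out) + "\n", problems


if __name__ == "__main__":
    cleaned, problems = clean_intel(SAMPLE)
    for num, msg in problems:
        print(f"line {num}: {msg}")
```

Running a check like this before loading a feed surfaces the hidden `^M` that `head` output only hints at.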