[Bro] log writer issue
Azoff, Justin S
jazoff at illinois.edu
Tue Dec 29 07:15:11 PST 2015
> On Dec 29, 2015, at 9:34 AM, György Miru <mirugy at gmail.com> wrote:
>
> This happens before the first event is logged, however the headers are already written into the logfile
Was there a stderr.log ?
Does it happen before the event would have been logged at all, or in the process of logging the event?
If you add a
print "This is siemenss7_write_data_unsigned"; #or siemenss7_read_data_unsigned
print c$s7data;
before the calls to
Log::write(S7comm::LOG3, c$s7data);
what gets output to stdout (or the stdout.log if you are using broctl)?
I think this may be caused by one of the fields in one of your events being invalid somehow...
> debug_s7data.log: relevant part of the debug.log file, when bro was run with -B threading switch
You really want -B logging
I have a feeling you'll see a "Field type doesn't match in WriterBackend::Write" message
--
- Justin Azoff
More information about the Bro
mailing list