[Bro] Base64 errors in reporter.log

Siwek, Jon jsiwek at illinois.edu
Fri Jul 3 08:24:11 PDT 2015


> On Jul 3, 2015, at 9:58 AM, Jan Grashofer <jan.grashofer at cern.ch> wrote:
> 
> I (and it seems I am not the only one) see a lot of base64 related errors in my reporter.log like:
> 
> Reporter::ERROR extra base64 groups after '=' padding are ignored       (empty)
> Reporter::ERROR incomplete base64 group, padding with 12 bits of 0      (empty)
> 
> Question 1: What's the origin of these errors?

Likely a protocol analyzer trying to decode what it thinks is a base64 string, but turns out it’s actually not a valid base64 encoding.

> Question 2: How can I avoid these messages polluting my reporter.log?

Possibly w/ a logging filter.  Maybe also file a ticket at tracker.bro.org suggesting that, in the case I mentioned above (if it is actually the case), it may be more appropriate to emit a “weird” rather than an “error”.

- Jon
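
Added example, not part of the original message and not Bro's own decoder code: a simplified Python model of a tolerant base64 decoder, showing how input that is not clean base64 produces the two messages quoted above. The function names, the constructed sample strings and the choice to skip non-alphabet characters silently are assumptions of this sketch.

```python
import string

ALPHABET = string.ascii_uppercase + string.ascii_lowercase + string.digits + "+/"
EXTRA = "extra base64 groups after '=' padding are ignored"
INCOMPLETE = "incomplete base64 group, padding with %d bits of 0"


def _flush(vals):
    """Turn 1-4 six-bit values into bytes, zero-filling the missing bits."""
    bits = 0
    for v in vals + [0] * (4 - len(vals)):
        bits = (bits << 6) | v
    return bits.to_bytes(3, "big")[: len(vals) * 6 // 8]


def lenient_b64decode(text):
    """Decode without ever failing; return (bytes, list of diagnostics)."""
    out, notes = bytearray(), []
    vals = []          # six-bit values of the group being assembled
    finished = False   # set once '=' padding has closed the data
    for ch in text:
        if ch == "=":
            out += _flush(vals)
            vals, finished = [], True
        elif ch in ALPHABET:
            if finished:
                notes.append(EXTRA)
                break
            vals.append(ALPHABET.index(ch))
            if len(vals) == 4:
                out += _flush(vals)
                vals = []
        # Assumption of this model: any other character is skipped silently.
    if vals:
        # Each missing character of the 4-character group costs 6 bits.
        notes.append(INCOMPLETE % ((4 - len(vals)) * 6))
        out += _flush(vals)
    return bytes(out), notes


# Constructed inputs: one valid string, then three that are not clean base64.
SAMPLES = ["aGVsbG8=", "aGVsbG8=aGk=", "aGVsbG", "user:pw"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), *lenient_b64decode(s))
```

In this model, "12 bits of 0" means the final group held only two of its four characters, which is what happens when a field that merely looks like base64 is cut at an arbitrary length.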

