[Bro] Error with a custom protocol decoder which returns an event with record type object
Seth Hall
seth at icir.org
Mon Mar 9 22:26:48 PDT 2015
> On Mar 9, 2015, at 9:09 AM, Emmanuel TORQUATO <Emmanuel.TORQUATO at monext.net> wrote:
>
> type CBCOM::Message: record;
>
> Anyone who has an idea or who has worked on the radius decoder could help me ?
You probably just haven’t defined the structure of that record in a Bro script. Built in analyzers at the moment have their script land definitions provided in init-base.bro (for the most part), but if you are writing your analyzer as an external plugin (if you’re working with git master) you can provide the definition in a script shipped with the plugin.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/
More information about the Bro
mailing list