[Bro] Error with a custom protocol decoder which returns an event with record type object

Emmanuel TORQUATO Emmanuel.TORQUATO at monext.net
Tue Mar 10 09:28:29 PDT 2015


Thanks Seth, it's OK after adding my new type in my init-bare.bro file. It was the missing step!

Regards,


T. +33 4 42 25 15 51
emmanuel.torquato at monext.net
www.monext.net 

  

-----Original Message-----
From: Seth Hall [mailto:seth at icir.org]
Sent: Tuesday, March 10, 2015 06:27
To: Emmanuel TORQUATO
Cc: bro at bro.org
Subject: Re: [Bro] Error with a custom protocol decoder which returns an event with record type object


> On Mar 9, 2015, at 9:09 AM, Emmanuel TORQUATO <Emmanuel.TORQUATO at monext.net> wrote:
> 
> type CBCOM::Message: record;
>  
> Could anyone who has an idea or who has worked on the RADIUS decoder help me?

You probably just haven’t defined the structure of that record in a Bro script. Built-in analyzers at the moment have their script-land definitions provided in init-base.bro (for the most part), but if you are writing your analyzer as an external plugin (if you’re working with git master) you can provide the definition in a script shipped with the plugin.

  .Seth

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro.org/



