[Bro] Field value missing
Javier Richard Quinto Ancieta
richardqa at gmail.com
Sun Mar 29 20:55:44 PDT 2015
Greetings all,
I am new to Bro, and I hope you can help me.
I read the following documentation:
https://www.bro.org/sphinx-git/frameworks/notice.html
Exactly, this part of the code:
...
hook Notice::policy(n: Notice::Info)
{
if
( n$note == SSH::Password_Guessing && n$id$resp_h == 10.0.0.1
)
add n$actions[Notice::ACTION_EMAIL];
}
...
And write it in the file ../local.bro
But, when I generate an attack to IP (10.0.0.1), and I got an error: "*field
value missing [n$id]*" .
I use *bro -i eth0 local *to debug logs in live
I did many changes, also I use "$id?$resp_h" to check errors, and i got the
same error. I am sorry but I am new with Bro and I would like to know How
can I fix that?.
Thank you
Javier
--
Saludos Cordiales
Javier
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150330/5df6bd42/attachment.html
More information about the Bro
mailing list