[Bro] log writer issue
György Miru
mirugy at gmail.com
Mon Jan 4 02:50:34 PST 2016
There was no stderr.log, however -B logging helped. It was in fact a type
mismatch.
Thanks for the help,
Gy M
On Tue, Dec 29, 2015 at 4:15 PM, Azoff, Justin S <jazoff at illinois.edu>
wrote:
>
> > On Dec 29, 2015, at 9:34 AM, György Miru <mirugy at gmail.com> wrote:
> >
> > This happens before the first event is logged, however the headers are
> already written into the logfile
>
> Was there a stderr.log ?
>
> Does it happen before the event would have been logged at all, or in the
> process of logging the event?
>
> If you add a
>
> print "This is siemenss7_write_data_unsigned"; #or
> siemenss7_read_data_unsigned
> print c$s7data;
>
> before the calls to
>
> Log::write(S7comm::LOG3, c$s7data);
>
> what gets output to stdout (or the stdout.log if you are using broctl)?
>
> I think this may be caused by one of the fields in one of your events
> being invalid somehow...
>
> > debug_s7data.log: relevant part of the debug.log file, when bro was run
> with -B threading switch
>
> You really want -B logging
>
> I have a feeling you'll see a "Field type doesn't match in
> WriterBackend::Write" message
>
> --
> - Justin Azoff
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160104/35bafeed/attachment.html
More information about the Bro
mailing list