[Bro] non-void function returns without a value
Obndnar smith
obdnanr at gmail.com
Mon Jun 20 08:13:10 PDT 2016
We're using the following script to white list DNS requests. In the
reporter.log we are getting the following error multiple times every
millisecond. Anyone know what we're doing wrong? Can bad scripts cause
the logs to fail to rotate correctly?
Jun 20 10:58:05 Reporter::ERROR field value missing [FILTER::rec$query]
/usr/local/bro/spool/installed-scripts-do-not-touch/site/mysite/dns-filter.bro,
line 13
Jun 20 10:58:05 Reporter::WARNING non-void function returns without a
value: FILTER::filter_pred (empty)
module FILTER;
function filter_pred (rec: DNS::Info) : bool
{
if("microsoft.com" in rec$query)
return F;
return T;
}
event bro_init()
{
Log::remove_default_filter(DNS::LOG);
Log::add_filter(DNS::LOG, [$name="dns-filter",
$path="dns",
$exclude=set("trans_id", "qclass",
"qclass_name", "qtype", "rcode", "rcode_name", "QR", "AA", "TC", "RD",
"RA", "Z", "TLLs", "rejected"),
$pred=filter_pred]);
}
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160620/d5ddbab3/attachment.html
More information about the Bro
mailing list