[Bro] BinPAC analyzer name

Johanna Amann johanna at icir.org
Mon Nov 28 15:15:25 PST 2016


Interesting, I am not really aware of any reason why just using AMS should
not work.

Do you happen to have your code up on github (or somewhere else)? Then I
could take a look.

If you want to investigate for a bit yourself, build bro with
--enable-debug, start it with -B dpd and look at debug.log. There you
should see if data is sent to your analyzer - that might already give you
pointers if something is going wrong at/before/after this step.

Johanna

On Tue, Nov 29, 2016 at 12:11:00AM +0100, Dane Wullen wrote:
> Hey,
> 
> thanks for your reply.
> 
> "Don't work" means that it doesn't raise any event nor execute the (C++)
> code in the analyser.pac file. It's like it can't read the traffic or
> something.
> 
> Like I said, when I name it Test or PROTO-AMS or something like that, it
> works fine.
> 
> Dane
> 
> On 29.11.2016 at 00:05, Johanna Amann wrote:
> > By don't work - do you mean that it doesn't compile? Or does it not get
> > any traffic? Or does it not raise events?
> > 
> > Johanna
> > 
> > On Mon, Nov 07, 2016 at 11:56:01PM +0100, Dane Wullen wrote:
> > > Hi there,
> > > 
> > > I wrote a new analyzer with BinPAC for a protocol named 'AMS'.
> > > Somehow when I create the analyzer via the binpac python script and name
> > > the analyzer 'AMS' or 'ams', the analyzer won't work. When I name it
> > > 'TEST' or 'test', it works fine (same protocol specification, C++ Code,
> > > etc.)
> > > 
> > > Is there a naming convention for new analyzers? Or does anyone know why
> > > BinPAC/Bro won't accept the name 'ams'?
> > > 
> > > Thank you!
> > > 
> > > _______________________________________________
> > > Bro mailing list
> > > bro at bro-ids.org
> > > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> > > 
> 

