[Bro] Intel framework troubleshooting on Bro 2.5
Hovsep Levi
hovsep.sanjay.levi at gmail.com
Fri Oct 7 09:43:46 PDT 2016
Nothing stands out. Looking at base/frameworks/intel/input.bro is there a
way to hook Input::add_event and have those events written to a log file ?
I tried moving a new intel file into place but didn't notice anything in
reporter.log or stderr.
ex: cp master-public.bro.dat master-public.bro.dat.new && mv
master-public.bro.dat.new master-public.bro.dat
On Fri, Oct 7, 2016 at 4:03 PM, Azoff, Justin S <jazoff at illinois.edu> wrote:
>
> > On Oct 7, 2016, at 11:56 AM, Hovsep Levi <hovsep.sanjay.levi at gmail.com>
> wrote:
> >
> > Are there any tricks to use when debugging the Intel framework that
> would show parsing errors ?
>
> First step would be to check reporter.log and stderr.log on the manager.
>
> --
> - Justin Azoff
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161007/df9c7942/attachment.html
More information about the Bro
mailing list