[Bro] Help with bro scripting exercise question
craig bowser
reswob10 at gmail.com
Wed Aug 2 18:19:47 PDT 2017
Hello all, trying to learn bro scripting. I am working through the
exercises from the 2011 workshop and I'm getting an error.
I'm on this page:
https://www.bro.org/bro-workshop-2011/exercises/notices/index.html
I'm on Pt3 More Advanced Policy Notice running this script:
const watched_servers: set[addr] = {
172.16.238.136,
172.16.238.168,
} &redef;
redef Notice::policy += {
[$action = Notice::ACTION_ALARM,
$pred(n: Notice::Info) =
{
return n$note == SSH::Login && n$id$resp_h in watched_servers;
}
]
};
And I'm getting an error that says
#bro -r ssh.pcap local advancebro.bro
error in ./advancebro.bro, line 10: unknown identifier SSH::Login, at
or near "SSH::Login"
Is the SSH::Login no longer a valid function?
Thanks.
Craig L Bowser
____________________________
This email is measured by size. Bits and bytes may have settled during
transport.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170802/80dc555d/attachment.html
More information about the Bro
mailing list