[Bro] Scan::check_scan

ps sunu pssunu6 at gmail.com
Thu Aug 10 23:57:39 PDT 2017 

Hi ,

                  I Started doing nfs ANALYZER .bro script in bro 2.5
 script , i the first script  i am getting below error


*const ports = {111/tcp, 111/udp, 747/udp, 759/tcp, 762/udp, 764/tcp,*
*2049/udp};*
*redef likely_server_ports += {ports};*

*event bro_init() &priority=5*
*    {*
*    Analyzer::register_for_ports(Analyzer::ANALYZER_NFS, ports);*
*    }*

*event  nfs_proc_getattr(c: connection, info: NFS3::info_t, fh: string,**attrs:
NFS3::fattr_t){*
*   print c;*
*}*

and  am getting below error

944207397.280000 internal error: unknown analyzer name RPC; mismatch with
tag analyzer::Component?
Aborted (core dumped)

Regards,
Sunu







On Aug 11, 2017 6:07 AM, "Johanna Amann" <johanna at icir.org> wrote:

> Ok, in that case - as I said before, you should probably just do a
> complete re-write of the script; you definitely cannot just include random
> old bro script files and hope that they work :)
>
> Johanna
>
> On 10 Aug 2017, at 17:25, ps sunu wrote:
>
> I need to run old NFS.bro script into bro 2.5 this script calling UDP
>> script udp-common and its calling scan.bro,hot.bro
>>
>> https://github.com/grigorescu/bro-scripts/blob/master/script
>> s/todo/needs_review/nfs.bro
>>
>> On Aug 11, 2017 5:50 AM, "Johanna Amann" <johanna at icir.org> wrote:
>>
>> I think
>>> https://github.com/initconf/scan-NG/blob/master/scripts/old-scan.bro is
>>> a
>>> port of the old scan module.
>>>
>>> May I ask why you need and can't use the one that currently ships with
>>> Bro?
>>>
>>> Johanna
>>>
>>> On Thu, Aug 10, 2017 at 10:40:02AM +0530, ps sunu wrote:
>>>
>>>> Hi,
>>>>            any one know  hot module and scan module (support bro 1.5)
>>>> alternative in bro 2.5 ?
>>>>
>>>
>>> _______________________________________________
>>>> Bro mailing list
>>>> bro at bro-ids.org
>>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>>
>>>
>>>
>>>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170811/fd5c3f04/attachment-0001.html

More information about the Bro mailing list