[Bro] Startup cleanup

Mike Dopheide dopheide at gmail.com
Thu Aug 24 09:18:56 PDT 2017 

Not sure about that end bit, but you can ignore all the "extraneous
Broxygen comment" lines.  That basically just means someone (Aashish!) used
two ##'s to start a comment.  It's a habit I have as well so I see those
all the time.

-Dop

On Thu, Aug 24, 2017 at 10:56 AM, James Lay <jlay at slave-tothe-box.net>
wrote:

> So here's my startup line and standard output
>
> sudo /usr/local/bro/bin/bro -C -i eth0 -i eth1 --filter 'not ((host
> x.x.x.x and net 192.168.1.0/24) and (tcp port <snip> or tcp port <snip>
> )) and not ip6' local "Site::local_nets += { x.x.x.x/32,192.168.1.0/24
> }"
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
> 1: Discarded extraneous Broxygen comment: check link in mail_links
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
> 1: Discarded extraneous Broxygen comment: for
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
> 1: Discarded extraneous Broxygen comment:  print fmt ("log_mine
> Log_mime: %s", rec);
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
> 1: Discarded extraneous Broxygen comment: aashish: need to port to file
> analysis framework
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /conn-established.bro,
> line 1: Discarded extraneous Broxygen comment: check link in mail_links
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /conn-established.bro,
> line 1: Discarded extraneous Broxygen comment: for
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /conn-established.bro,
> line 1: Discarded extraneous Broxygen comment:        print fmt
> ("log_mine Log_mime: %s", rec);
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /conn-established.bro,
> line 1: Discarded extraneous Broxygen comment: aashish: need to port to
> file analysis framework
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /conn-established.bro,
> line 1: Discarded extraneous Broxygen comment: check link in mail_links
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /conn-established.bro,
> line 1: Discarded extraneous Broxygen comment: for
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /conn-established.bro,
> line 1: Discarded extraneous Broxygen comment:        print fmt
> ("log_mine Log_mime: %s", rec);
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /conn-established.bro,
> line 1: Discarded extraneous Broxygen comment: aashish: need to port to
> file analysis framework
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /./where-locations.bro,
> line 1: Discarded extraneous Broxygen comment: check link in mail_links
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /./where-locations.bro,
> line 1: Discarded extraneous Broxygen comment: for
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /./where-locations.bro,
> line 1: Discarded extraneous Broxygen comment:       print fmt
> ("log_mine Log_mime: %s", rec);
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /./where-locations.bro,
> line 1: Discarded extraneous Broxygen comment: aashish: need to port to
> file analysis framework
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /./where-locations.bro,
> line 1: Discarded extraneous Broxygen comment: check link in mail_links
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /./where-locations.bro,
> line 1: Discarded extraneous Broxygen comment: for
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /./where-locations.bro,
> line 1: Discarded extraneous Broxygen comment:       print fmt
> ("log_mine Log_mime: %s", rec);
> internal warning in
> /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
> /./where-locations.bro,
> line 1: Discarded extraneous Broxygen comment: aashish: need to port to
> file analysis framework
> <params>, line 1: listening on eth0
>
> <params>, line 1: listening on eth1
>
> 1503589314.254774 error in <params>, line 1: Bad IP address: 5
> 1503589314.254774 error in <params>, line 1: Bad IP address: 6
> 1503589314.254774 error in <params>, line 1: Bad IP address: 1
>
> Anything I need to be concerned about here?  Thank you.
>
> James
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20170824/d3a3fcdb/attachment.html

More information about the Bro mailing list