[Bro] Startup cleanup

James Lay jlay at slave-tothe-box.net
Thu Aug 24 13:15:10 PDT 2017 

On 2017-08-24 11:15, Aashish Sharma wrote:
>> Broxygen comment" lines.  That basically just means someone (Aashish!) 
>> used
> ( I knew had to be me involved somewhere - apologies )
> 
> I think Broxygen pointing to intel-framework is merely an artifact. 
> Issue is you
> are running smtp-embedded-urls-bloom.bro where I have "##" in comments 
> and
> broxygen doesn't like it. (this script is rather quite old version)
> 
> I believe have cleaned up code here:
> 
> https://github.com/initconf/smtp-analysis
> 
> I'll send a followup email in a little bit with a link to more latest 
> stuff.
> Just want ot make sure its cleaned up before I share the link with you.
> 
> Aashish

Good on ya thanks Aashish as well as others that have responded.  
Figured I'd make sure I had less to look through as I go through the 
upgrade process.

James


> 
> 
> On Thu, Aug 24, 2017 at 11:18:56AM -0500, Mike Dopheide wrote:
>> Not sure about that end bit, but you can ignore all the "extraneous
>> Broxygen comment" lines.  That basically just means someone (Aashish!) 
>> used
>> two ##'s to start a comment.  It's a habit I have as well so I see 
>> those
>> all the time.
>> 
>> -Dop
>> 
>> On Thu, Aug 24, 2017 at 10:56 AM, James Lay <jlay at slave-tothe-box.net>
>> wrote:
>> 
>> > So here's my startup line and standard output
>> >
>> > sudo /usr/local/bro/bin/bro -C -i eth0 -i eth1 --filter 'not ((host
>> > x.x.x.x and net 192.168.1.0/24) and (tcp port <snip> or tcp port <snip>
>> > )) and not ip6' local "Site::local_nets += { x.x.x.x/32,192.168.1.0/24
>> > }"
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
>> > 1: Discarded extraneous Broxygen comment: check link in mail_links
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
>> > 1: Discarded extraneous Broxygen comment: for
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
>> > 1: Discarded extraneous Broxygen comment:  print fmt ("log_mine
>> > Log_mime: %s", rec);
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/__load__.bro, line
>> > 1: Discarded extraneous Broxygen comment: aashish: need to port to file
>> > analysis framework
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /conn-established.bro,
>> > line 1: Discarded extraneous Broxygen comment: check link in mail_links
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /conn-established.bro,
>> > line 1: Discarded extraneous Broxygen comment: for
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /conn-established.bro,
>> > line 1: Discarded extraneous Broxygen comment:        print fmt
>> > ("log_mine Log_mime: %s", rec);
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /conn-established.bro,
>> > line 1: Discarded extraneous Broxygen comment: aashish: need to port to
>> > file analysis framework
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /conn-established.bro,
>> > line 1: Discarded extraneous Broxygen comment: check link in mail_links
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /conn-established.bro,
>> > line 1: Discarded extraneous Broxygen comment: for
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /conn-established.bro,
>> > line 1: Discarded extraneous Broxygen comment:        print fmt
>> > ("log_mine Log_mime: %s", rec);
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /conn-established.bro,
>> > line 1: Discarded extraneous Broxygen comment: aashish: need to port to
>> > file analysis framework
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /./where-locations.bro,
>> > line 1: Discarded extraneous Broxygen comment: check link in mail_links
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /./where-locations.bro,
>> > line 1: Discarded extraneous Broxygen comment: for
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /./where-locations.bro,
>> > line 1: Discarded extraneous Broxygen comment:       print fmt
>> > ("log_mine Log_mime: %s", rec);
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /./where-locations.bro,
>> > line 1: Discarded extraneous Broxygen comment: aashish: need to port to
>> > file analysis framework
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /./where-locations.bro,
>> > line 1: Discarded extraneous Broxygen comment: check link in mail_links
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /./where-locations.bro,
>> > line 1: Discarded extraneous Broxygen comment: for
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /./where-locations.bro,
>> > line 1: Discarded extraneous Broxygen comment:       print fmt
>> > ("log_mine Log_mime: %s", rec);
>> > internal warning in
>> > /usr/local/bro/share/bro/policy/frameworks/intel/seen/.
>> > /./where-locations.bro,
>> > line 1: Discarded extraneous Broxygen comment: aashish: need to port to
>> > file analysis framework
>> > <params>, line 1: listening on eth0
>> >
>> > <params>, line 1: listening on eth1
>> >
>> > 1503589314.254774 error in <params>, line 1: Bad IP address: 5
>> > 1503589314.254774 error in <params>, line 1: Bad IP address: 6
>> > 1503589314.254774 error in <params>, line 1: Bad IP address: 1
>> >
>> > Anything I need to be concerned about here?  Thank you.
>> >
>> > James
>> > _______________________________________________
>> > Bro mailing list
>> > bro at bro-ids.org
>> > http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>> >
> 
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list