[Bro] Question: using Log Filter Framework

James Dickenson jdickenson at gmail.com
Tue Aug 29 10:54:56 PDT 2017


Hey All,

Hey I've been trying to use the log filter framework to filter out
various things like certain IP ranges and other records.  Here is my
attempt but Bro is complaining about line 8 saying my syntax isn't
correct.   Does anyone know what I'm doing wrong?  I've been using
Seth's blog post on the framework as an example of how to build the
log filters.  --->
http://blog.bro.org/2012/02/filtering-logs-with-bro.html


Thanks in advance!

-James D.


###### code #######

global filter_ip_set: subnet = 1.0.0.0/8 &redef;

event bro_init()
        {
        Log::remove_default_filter(HTTP::LOG);
        Log::add_filter(HTTP::LOG, [$name="orig_h_filter",
                                    $pred(rec: HTTP::Info) = {
                                    rec$id$orig_h in $filter_ip_set;
                                    } ]);
        Log::add_filter(HTTP::LOG, [$name="resp_h_filter",
                                    $pred(rec: HTTP::Info) = {
                                    rec$id$resp_h in $filter_ip_set;
                                    } ]);
        }

#########################

###### error ########
error in **snip*** test.bro, line 8: syntax error, at or near ";"
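
The filter from the post in a form that parses, as an added example that is not part of the original message: it refers to the global by its bare name (a leading `$` is record-field syntax) and returns the predicate's boolean explicitly. It assumes the goal is to keep records touching `filter_ip_set` out of http.log, so the test is negated, because a record is written only when `$pred` returns T. The filter name `http_exclude_net` is made up for this example.

```bro
# Added example, not from the original post. Reuses the post's
# filter_ip_set global; the filter name is hypothetical.
global filter_ip_set: subnet = 1.0.0.0/8 &redef;

event bro_init()
        {
        # Remove the stock filter so only the predicate-gated one writes HTTP logs.
        Log::remove_default_filter(HTTP::LOG);

        # A single predicate checks both endpoints of the connection.
        Log::add_filter(HTTP::LOG, [$name="http_exclude_net",
                                    $pred(rec: HTTP::Info) =
                                        {
                                        # T = write the record, F = suppress it.
                                        return rec$id$orig_h !in filter_ip_set &&
                                               rec$id$resp_h !in filter_ip_set;
                                        } ]);
        }
```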

