[Bro] bro 2.5 . How to get meta fields on intel.log

Giedrius Ramas giedrius.ramas at gmail.com
Thu Feb 23 03:21:49 PST 2017


Hi Seth,
How can we get those Bro extensions for Bro 2.4 working on Bro 2.5?
Currently I get errors:
error in /opt/bro/share/bro/base/frameworks/intel/./main.bro, line 155:
already defined (Intel::extend_match)
internal warning in
/opt/bro/share/bro/my_scripts/intel-ext/./scripts/main.bro, line 20:
Duplicate identifier documentation: Intel::extend_match
proxy scripts failed.
error in /opt/bro/share/bro/base/frameworks/intel/./main.bro, line 155:
already defined (Intel::extend_match)
internal warning in
/opt/bro/share/bro/my_scripts/intel-ext/./scripts/main.bro, line 20:
Duplicate identifier documentation: Intel::extend_match
ids-nksc004-eth1-1 scripts failed.
error in /opt/bro/share/bro/base/frameworks/intel/./main.bro, line 155:
already defined (Intel::extend_match)
internal warning in
/opt/bro/share/bro/my_scripts/intel-ext/./scripts/main.bro, line 20:
Duplicate identifier documentation: Intel::extend_match


Our intel data has the following format:

#fields indicator       indicator_type  meta.desc       meta.cif_confidence     meta.source

And we need to have these meta fields: meta.desc, meta.cif_confidence,
meta.source in the Bro intel log, as we previously had with the Bro
extensions for Bro 2.4 found at https://github.com/sethhall/intel-ext.


Or the question is how to get meta fields in the Bro intel.log?