[Bro] Writing logs to both ASCII and JSON
Jan Grashöfer
jan.grashoefer at gmail.com
Thu Jan 12 02:00:59 PST 2017
> 0.000000 Reporter::ERROR Path missing for SMB::MAPPING_LOG
> /usr/local/bro/share/bro/test/./add-json.bro,
> line 35
>
> 0.000000 Reporter::ERROR Path missing for SMB::CMD_LOG
> /usr/local/bro/share/bro/test/./add-json.bro,
> line 35
>
> 0.000000 Reporter::ERROR Path missing for SMB::FILES_LOG
> /usr/local/bro/share/bro/test/./add-json.bro,
> line 35
Using the SMB-Analyzer I was able to reproduce the issue: The
SMB-Analyzer does not set path, which is indeed optional but used for
all the other logs by convention.
> Any ideas on how to fix this (preferably), or hard exclude the SMB files
> that cause issues?
I have fixed the script but I need some more testing (just noticed that
path_func wasn't supported as well). For now, you can use exclude_json
to exclude SMB::MAPPING_LOG, SMB::CMD_LOG and SMB::FILES_LOG.
Jan