[Bro] Writing logs to both ACII and JSON
Johanna Amann
johanna at icir.org
Thu Jan 12 04:44:36 PST 2017
On Thu, Jan 12, 2017 at 11:00:59AM +0100, Jan Grashöfer wrote:
> > 0.000000 Reporter::ERROR Path missing for SMB::MAPPING_LOG
> > /usr/local/bro/share/bro/test/./add-json.bro,
> > line 35
> >
> > 0.000000 Reporter::ERROR Path missing for SMB::CMD_LOG
> > /usr/local/bro/share/bro/test/./add-json.bro,
> > line 35
> >
> > 0.000000 Reporter::ERROR Path missing for SMB::FILES_LOG
> > /usr/local/bro/share/bro/test/./add-json.bro,
> > line 35
>
> Using the SMB-Analyzer I was able to reproduce the issue: The
> SMB-Analyzer does not set path, which is indeed optional but used for
> all the other logs by convention.
Yup, you are right. This looks like an oversight, the path should have
been set for all the create_stream calls. I will fix this in master in a
few minutes - thanks for finding this :)
Johanna
More information about the Bro
mailing list