[Bro] Intel alerts not showing up in the notice log

Dave Florek dave.a.florek at gmail.com
Thu May 4 11:07:04 PDT 2017


Hi Mike,

Thanks for the response. I'm still not seeing the Intel.log entries show up
in my notice.log. I confirmed I have the @load policy/frameworks/intel/do_notice
and @load frameworks/intel/seen in my local.bro file and the 'T' switch set
on my DAT file entries. I'm not sure what to try next.

Any recommendations?

> Date: Tue, 2 May 2017 16:06:37 -0500
> From: Mike Dopheide <dopheide at gmail.com>
> Subject: Re: [Bro] Intel alerts not showing up in the notice log
> To: Dave Florek <dave.a.florek at gmail.com>
> Cc: "bro at bro.org" <bro at bro.org>
> Message-ID: <CAPy2kFb0Cq182NfppPmqGt42+qdUqys09r=gu7JxLojfnefL0w@mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I haven't read the whole thread, but you may need:
>
> @load policy/frameworks/intel/do_notice
>
> As well as have "meta.do_notice" set to T in your .dat files.
>
> -Dop
>
>> On Tue, May 2, 2017 at 3:36 PM, Dave Florek <dave.a.florek at gmail.com> wrote:
>>
>> Good afternoon,
>>
>>  Was there a resolution to this thread? I'm having the same issue on a
>>  default build and I'm not sure where to start.
>>
>>  http://mailman.icsi.berkeley.edu/pipermail/bro/2014-May/006940.html
>>
>>  Thanks,
>>
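An added example, not part of the thread and not Bro's own code: a small Python checker for the two conditions discussed in the messages above (the `@load` lines in local.bro and `meta.do_notice` set to T in the .dat file). It assumes the usual tab-separated Intel file with a `#fields` header; the function names and sample contents are constructed for illustration.

```python
import re

# Scripts named in the thread, compared without the optional "policy/" prefix.
REQUIRED_LOADS = ("frameworks/intel/do_notice", "frameworks/intel/seen")

def missing_loads(local_bro_text):
    """Return required scripts with no active (uncommented) @load line."""
    loaded = set()
    for line in local_bro_text.splitlines():
        m = re.match(r"\s*@load\s+(\S+)", line.split("#", 1)[0])
        if m:
            loaded.add(re.sub(r"^policy/", "", m.group(1)))
    return [s for s in REQUIRED_LOADS if s not in loaded]

def check_intel_dat(dat_text):
    """Return (line_number, reason) for each entry that cannot raise a notice."""
    problems, fields = [], None
    for no, line in enumerate(dat_text.splitlines(), 1):
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            if "meta.do_notice" not in fields:
                return [(no, "header has no tab-separated meta.do_notice column")]
            continue
        if not line.strip() or line.startswith("#"):
            continue
        if fields is None:
            return [(no, "data line before #fields header")]
        cols = line.split("\t")
        if len(cols) != len(fields):
            problems.append((no, "expected %d tab-separated columns, got %d"
                             % (len(fields), len(cols))))
        elif cols[fields.index("meta.do_notice")] != "T":
            problems.append((no, "meta.do_notice is not T"))
    return problems

# Constructed sample inputs (documentation addresses, made-up feed name).
SAMPLE_LOCAL = "@load frameworks/intel/seen\n# @load policy/frameworks/intel/do_notice\n"
SAMPLE_DAT = (
    "#fields\tindicator\tindicator_type\tmeta.source\tmeta.do_notice\n"
    "192.0.2.10\tIntel::ADDR\tconstructed-feed\tT\n"
    "bad.example.com\tIntel::DOMAIN\tconstructed-feed\tF\n"
    "198.51.100.7    Intel::ADDR    constructed-feed    T\n"  # spaces, not tabs
)

if __name__ == "__main__":
    print("missing @load:", missing_loads(SAMPLE_LOCAL))
    for no, reason in check_intel_dat(SAMPLE_DAT):
        print("line %d: %s" % (no, reason))
```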