[Bro] Bro Digest, Vol 133, Issue 4

Dave Florek dave.a.florek at gmail.com
Fri May 5 07:53:11 PDT 2017


Hi Mike,

Yep. I'm using a custom .dat file:

redef Intel::read_files += {
        "/usr/local/bro/intel/target.dat"
};

I don't think that's the issue though. Those email alerts do show up in the
notice.log and my mailbox when I trigger them by pinging the indicator
sites. I think the issue is with the Critical Stack Intel alerts that show
in the intel.log but not the notice.log. Is there by any chance a separate
config file that controls those alerts since it's a separate addon?

Thanks!

Date: Thu, 4 May 2017 13:53:49 -0500
> From: Mike Dopheide <dopheide at gmail.com>
> Subject: Re: [Bro] Intel alerts not showing up in the notice log
> To: Dave Florek <dave.a.florek at gmail.com>
> Cc: "bro at bro.org" <bro at bro.org>
> Message-ID:
>         <CAPy2kFbR+3ks1=A+RbkK6aSaSgqzJ1Pk_ov6JrWzNOdZ5Ute0w at mail.gmail.com>
> Content-Type: text/plain; charset="utf-8"
>
> I assume you've also redef'd Intel::read_files as well.
>
> How are you testing it?  If you're running standalone against a small pcap,
> I believe Bro may finish processing traffic before it finishes loading the
> Intel data.  (Can anyone confirm or deny that?)
>
> -Dop
>
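Added example, not code from either poster: a local.bro fragment showing what has to be in place for an Intel framework hit (which always lands in intel.log) to also be raised as a notice in notice.log. It assumes the Bro 2.x policy tree (frameworks/intel/seen and frameworks/intel/do_notice) and reuses the intel file path from the thread; the sample indicator row is constructed.

```bro
# Added example (not from the thread): how an Intel framework hit in
# intel.log becomes an entry in notice.log.
#
# Any match against an indicator from Intel::read_files is written to
# intel.log.  A notice.log entry of type Intel::Notice is raised only if
# (1) the do_notice policy script is loaded, and
# (2) the matching indicator's meta.do_notice column is T.
# A feed that writes its intel file with meta.do_notice left at the
# default F will therefore show hits in intel.log but never in notice.log.

@load frameworks/intel/seen        # feeds observed DNS/HTTP/SSL/etc. data into the framework
@load frameworks/intel/do_notice   # adds meta.do_notice and raises Intel::Notice

redef Intel::read_files += {
        "/usr/local/bro/intel/target.dat",   # path taken from the thread
};

# The intel file is tab-separated.  Constructed sample (tabs between fields):
#
#   #fields  indicator        indicator_type  meta.source  meta.desc        meta.url  meta.do_notice
#   example.invalid  Intel::DOMAIN   local        test indicator   -         T
#
# Change the last column to F and the same hit still appears in intel.log,
# but no Intel::Notice is generated.

# Send Intel::Notice by email as well as logging it to notice.log.
# Notice::mail_dest must already be set for email delivery to work.
redef Notice::emailed_types += { Intel::Notice };
```

When a hit shows up in intel.log only, checking the meta.do_notice column of the matching row and confirming that do_notice is loaded are the first two things to verify before looking at notice policy.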