[Bro] Bro Digest, Vol 133, Issue 4

Dave Florek dave.a.florek at gmail.com
Fri May 5 08:25:02 PDT 2017


I see it. Never mind. Problem solved!

On Fri, May 5, 2017 at 10:53 AM, Dave Florek <dave.a.florek at gmail.com>
wrote:

> Hi Mike,
>
> Yep. I'm using a custom .dat file:
>
> redef Intel::read_files += {
>         "/usr/local/bro/intel/target.dat"
> };
>
> I don't think that's the issue though. Those email alerts do show up in
> the notice.log and my mailbox when I trigger them by pinging the indicator
> sites. I think the issue is with the Critical Stack Intel alerts that show
> in the intel.log but not the notice.log. Is there by any chance a separate
> config file that controls those alerts since it's a separate addon?
>
> Thanks!
>
> Date: Thu, 4 May 2017 13:53:49 -0500
>> From: Mike Dopheide <dopheide at gmail.com>
>> Subject: Re: [Bro] Intel alerts not showing up in the notice log
>> To: Dave Florek <dave.a.florek at gmail.com>
>> Cc: "bro at bro.org" <bro at bro.org>
>> Message-ID: <CAPy2kFbR+3ks1=A+RbkK6aSaSgqzJ1Pk_ov6JrWzNOdZ5Ute0w at mail.gmail.com>
>> Content-Type: text/plain; charset="utf-8"
>>
>> I assume you've also redef'd Intel::read_files as well.
>>
>> How are you testing it?  If you're running standalone against a small pcap,
>> I believe Bro may finish processing traffic before it finishes loading the
>> Intel data.  (Can anyone confirm or deny that?)
>>
>> -Dop
>>
>
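The thread never says what the fix turned out to be. As an added illustration of the mechanism being discussed (this is not code from the thread, from Bro, or from Critical Stack), the script below shows the one piece of the Intel framework that decides whether a hit in intel.log also becomes a notice: the `meta.do_notice` column that `frameworks/intel/do_notice` adds to `Intel::MetaData`. The stock `do_notice` policy raises `Intel::Notice` only for matched items whose `do_notice` is `T`; items from a feed that omits the column or sets it to `F` are logged to intel.log and nothing more. The script loads the same `/usr/local/bro/intel/target.dat` path quoted above (assumed, as in the thread), and adds an `Intel::match` handler that raises its own notice for every hit the stock policy would stay quiet about. The indicator file contents, the module name `IntelCheck` and the notice type `Hit_Without_Do_Notice` are all constructed for this example.

```bro
# Added example, not part of the mailing-list thread.
#
# Assumed intel file /usr/local/bro/intel/target.dat, tab-separated, with the
# header row
#   #fields<TAB>indicator<TAB>indicator_type<TAB>meta.source<TAB>meta.desc<TAB>meta.do_notice
# and a constructed row such as
#   evil.example<TAB>Intel::DOMAIN<TAB>local-test<TAB>constructed indicator<TAB>T
#
# Loading frameworks/intel/do_notice adds meta.do_notice (default F) to
# Intel::MetaData and raises Intel::Notice only when it is T.  A feed row
# without that column therefore shows up in intel.log but never in notice.log.

@load frameworks/intel/seen
@load frameworks/intel/do_notice

module IntelCheck;

export {
	redef enum Notice::Type += {
		## Raised for an intel match whose item did not ask for a notice itself.
		Hit_Without_Do_Notice,
	};
}

redef Intel::read_files += {
	"/usr/local/bro/intel/target.dat",   # assumed path, same as in the thread
};

# Intel::match fires for every hit that is written to intel.log, regardless
# of meta.do_notice, so this handler sees the hits the stock policy skips.
event Intel::match(s: Intel::Seen, items: set[Intel::Item])
	{
	for ( item in items )
		{
		# do_notice.bro already raises Intel::Notice for these.
		if ( item$meta$do_notice )
			next;

		local n: Notice::Info = [$note=Hit_Without_Do_Notice,
		                         $msg=fmt("Intel hit on %s (%s) from feed %s, seen in %s",
		                                  s$indicator, s$indicator_type,
		                                  item$meta$source, s$where)];

		# Seen records produced by file analysis may carry no connection.
		if ( s?$conn )
			n$conn = s$conn;

		NOTICE(n);
		}
	}
```

To use it, drop the script next to local.bro and `@load` it from there, then `broctl deploy`; afterwards every intel hit has a matching line in notice.log, either `Intel::Notice` (item asked for it) or `IntelCheck::Hit_Without_Do_Notice` (item did not). Comparing which type each feed produces is a quick way to tell whether a feed's rows are simply missing `meta.do_notice`, without having to read the feed files themselves.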

