[Bro] Warning of "did not find requested field indicator" from intelligence data file
wangdj at ffcs.cn
wangdj at ffcs.cn
Mon Aug 27 01:10:50 PDT 2018
Hi,
According to instruction of intelligence framework, i wrote a intelligence framework text file myintel.txt which content is:
#fields indicator indicator_type meta.source meta.desc meta.url
14.215.177.39 Intel::ADDR baidu use baidu search -
Very simple. I also wrote a simple bro script file mytest.bro which content is:
@load policy/frameworks/intel/seen
@load policy/frameworks/intel/do_notice
redef Intel::read_files += { "./myintel.txt" };
when i run this script with command "./bro -i eth3 mytest" on a shell terminal and run "ping 14.215.177.39" command on another shell terminal, i got the following warning and :
warning: ./myintel.txt/Input::READER_ASCII: Did not find requested field indicator in input data file ./myintel.txt.
It seems that there is no error with the myintel.txt file, then what happened leads to this warning.
Best Regards
DeJin Wang
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180827/76fb23bc/attachment.html
More information about the Bro
mailing list