[Bro] Warning of "did not find requested field indicator" from intelligence data file

Jan Grashöfer jan.grashoefer at gmail.com
Tue Aug 28 02:01:42 PDT 2018


On 27/08/18 10:10, wangdj at ffcs.cn wrote:
> when I run this script with command "./bro -i eth3 mytest" on a shell
> terminal and run "ping 14.215.177.39" command on another shell terminal,
> I got the following warning and :
> warning: ./myintel.txt/Input::READER_ASCII: Did not find requested field indicator in input data file ./myintel.txt.

Keep in mind that the header has to be tab-separated. Furthermore, the 
default seen scripts report only IPs of established TCP connections (see 
https://github.com/bro/bro/blob/master/scripts/policy/frameworks/intel/seen/conn-established.bro).

Jan
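
A header check for the tab-separation problem described above, as an added example that is not part of the original message or of the Bro project. The function name, the sample file contents and the source label "mytest-feed" are constructed; the required field names are those of the Intel framework's Intel::Item record.

```python
# Added example: lint a Bro intel file before loading it with the input framework.
# Non-optional fields of Intel::Item (meta.source is the nested meta$source).
REQUIRED = ("indicator", "indicator_type", "meta.source")

def check_intel_file(text):
    """Return a list of problems that would keep the ASCII reader from
    finding the requested fields; an empty list means the layout is fine."""
    lines = text.splitlines()
    header = next((l for l in lines if l.startswith("#fields")), None)
    if header is None:
        return ["no '#fields' header line found"]
    # The reader splits the header on tabs only, so a space-separated header
    # collapses into one unusable column name.
    columns = header.split("\t")[1:]
    problems = []
    for name in REQUIRED:
        if name in columns:
            continue
        if name in header.split():
            problems.append(f"field '{name}' is present but not tab-separated")
        else:
            problems.append(f"required field '{name}' is missing")
    if problems:
        return problems
    # With a valid header, every data row needs one value per column.
    for number, line in enumerate(lines, start=1):
        if not line or line.startswith("#"):
            continue
        found = len(line.split("\t"))
        if found != len(columns):
            problems.append(
                f"line {number}: expected {len(columns)} tab-separated values, found {found}")
    return problems

# Constructed sample files (the address is the one pinged in the question).
SPACE_SEPARATED = ("#fields indicator indicator_type meta.source\n"
                   "14.215.177.39 Intel::ADDR mytest-feed\n")
TAB_SEPARATED = ("#fields\tindicator\tindicator_type\tmeta.source\n"
                 "14.215.177.39\tIntel::ADDR\tmytest-feed\n")

if __name__ == "__main__":
    for label, sample in (("space-separated", SPACE_SEPARATED),
                          ("tab-separated", TAB_SEPARATED)):
        print(label, "->", check_intel_file(sample) or "ok")
```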

