[Bro] Help with intel framework
fatema bannatwala
fatema.bannatwala at gmail.com
Fri Nov 16 13:03:25 PST 2018
Hey,
Just a quick check, Bro won't generate the intel.log if it's unable to load
the intel input file to read from.
I was looking at your intel file re-definition:
redef Intel::read_files += {
    "/usr/local/intel-bad-user-agents.dat",
};
Can you remove the trailing "," after the
"/usr/local/intel-bad-user-agents.dat" line and see if it works?
I am not sure if that line should be ended with a comma.
Also, can you try with an "Intel::ADDR" type just to check if it's getting
triggered?
You can add any IP that you can test with Intel::ADDR and see if that works.
Fatema
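
Added example, not part of the original message or of Bro itself: a pre-flight check of an intel file's layout (tab-separated `#fields` header, matching column counts, known indicator types, parseable `Intel::ADDR` values) to run before pointing `Intel::read_files` at it. The function name, the sample contents and the `constructed-test` source label are assumptions made for illustration.

```python
import ipaddress

# Intel::Type values from Bro's base scripts (assumed to match your version).
KNOWN_TYPES = {
    "Intel::ADDR", "Intel::SUBNET", "Intel::URL", "Intel::SOFTWARE",
    "Intel::EMAIL", "Intel::DOMAIN", "Intel::USER_NAME", "Intel::CERT_HASH",
    "Intel::PUBKEY_HASH", "Intel::FILE_HASH", "Intel::FILE_NAME",
}
REQUIRED = ("indicator", "indicator_type", "meta.source")

def check_intel_text(text):
    """Return (line_number, problem) tuples for the contents of an intel file."""
    problems, fields = [], None
    for n, line in enumerate(text.splitlines(), 1):
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
            missing = [name for name in REQUIRED if name not in fields]
            if missing:
                problems.append((n, "header lacks tab-separated column(s): " + ", ".join(missing)))
        elif not line.strip() or line.startswith("#"):
            continue  # blank line or other comment line
        elif fields is None:
            problems.append((n, "data line before any #fields header"))
        else:
            cols = line.split("\t")
            if len(cols) != len(fields):
                problems.append((n, f"{len(cols)} tab-separated column(s), header has {len(fields)}"))
                continue
            row = dict(zip(fields, cols))
            kind = row.get("indicator_type", "")
            if kind not in KNOWN_TYPES:
                problems.append((n, f"unknown indicator_type {kind!r}"))
            elif kind == "Intel::ADDR":
                try:
                    ipaddress.ip_address(row.get("indicator", ""))
                except ValueError:
                    problems.append((n, "Intel::ADDR indicator is not an IP address"))
    if fields is None:
        problems.append((0, "no #fields header found"))
    return problems

# Constructed sample files (not from the original thread).
GOOD = ("#fields\tindicator\tindicator_type\tmeta.source\n"
        "192.0.2.10\tIntel::ADDR\tconstructed-test\n"
        "BadAgent/1.0\tIntel::SOFTWARE\tconstructed-test\n")
BAD = ("#fields\tindicator\tindicator_type\tmeta.source\n"
       "192.0.2.10 Intel::ADDR constructed-test\n"      # spaces, not tabs
       "192.0.2.999\tIntel::ADDR\tconstructed-test\n"   # not a valid address
       "BadAgent/1.0\tIntel::USERAGENT\tconstructed-test\n")  # no such type
```

Calling `check_intel_text(open(path).read())` on the real file returns an empty list when none of these layout problems are present.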