[Bro] Help with intel framework

Lee Shiry lee at shiry.org
Fri Nov 16 13:09:45 PST 2018


I removed the comma, and added a line in the dat file using Intel::ADDR,
still no intel.log.

On 11/16/18 4:03 PM, fatema bannatwala wrote:
> Hey,
>
> Just a quick check, Bro won't generate the intel.log if it's unable to
> load the intel input file to read from.
> Was looking at your intel file re-definition:
>
> redef Intel::read_files += {
>           "/usr/local/intel-bad-user-agents.dat",
> };
>
> Can you remove the trailing "," after
> "/usr/local/intel-bad-user-agents.dat" line and see if it works?
> I am not sure if that line should be ended with a comma.
>
> Also, can you try with an "Intel::ADDR" type just to check if it's
> getting triggered?
> You can add any IP that you can test with Intel::ADDR and see if that
> works.
>
> Fatema
>
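
An added example, not part of the original thread and not Bro project code: since the reply above notes that no intel.log appears when the intel input file cannot be loaded, this Python check lints a .dat file's contents before Bro reads it. It assumes the standard intel file layout (a "#fields" header and tab-separated columns); the function name and the sample data are constructed for illustration.

```python
# Added example: lint the contents of a Bro Intel framework data file.
REQUIRED = ["indicator", "indicator_type", "meta.source"]
VALID_TYPES = {
    "Intel::ADDR", "Intel::SUBNET", "Intel::URL", "Intel::SOFTWARE",
    "Intel::EMAIL", "Intel::DOMAIN", "Intel::USER_NAME",
    "Intel::CERT_HASH", "Intel::PUBKEY_HASH", "Intel::FILE_HASH",
    "Intel::FILE_NAME",
}

def lint_intel(text):
    """Return a list of (line_number, problem) tuples; empty means clean."""
    lines = text.splitlines()
    # Locate the header that names the columns.
    header = next((i for i, l in enumerate(lines) if l.startswith("#fields")), None)
    if header is None:
        return [(1, "no #fields header line")]
    fields = lines[header].split("\t")[1:]
    problems = [(header + 1, "missing required column %s" % name)
                for name in REQUIRED if name not in fields]
    if problems:
        # Usually means the header was typed with spaces instead of tabs.
        return problems
    type_col = fields.index("indicator_type")
    for num, line in enumerate(lines[header + 1:], start=header + 2):
        if not line or line.startswith("#"):
            continue  # blank and comment lines are skipped by this check
        cols = line.split("\t")
        if len(cols) != len(fields):
            problems.append((num, "expected %d tab-separated columns, found %d"
                             % (len(fields), len(cols))))
        elif cols[type_col] not in VALID_TYPES:
            problems.append((num, "unknown indicator_type %r" % cols[type_col]))
    return problems

# Constructed sample: line 3 uses spaces instead of tabs, line 4 has a bad type.
SAMPLE = (
    "#fields\tindicator\tindicator_type\tmeta.source\n"
    "192.0.2.10\tIntel::ADDR\tconstructed-test\n"
    "BadBot/1.0    Intel::SOFTWARE    constructed-test\n"
    "198.51.100.7\tIntel::IP\tconstructed-test\n"
)

if __name__ == "__main__":
    for num, problem in lint_intel(SAMPLE):
        print("line %d: %s" % (num, problem))
```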
