[Bro] Warning of "did not find requested field indicator" from intelligence data file
wangdj at ffcs.cn
wangdj at ffcs.cn
Mon Sep 3 02:56:49 PDT 2018
Hi Jan,
Thanks for your reply.
The header in myintel.txt file is tab-separated. I will check the the second reason you told.
Best Regards
DeJin Wang
From: Jan Grashöfer
Date: 2018-08-28 17:01
To: bro
Subject: Re: [Bro] Warning of "did not find requested field indicator" from intelligence data file
On 27/08/18 10:10, wangdj at ffcs.cn wrote:> when i run this script with
command "./bro -i eth3 mytest" on a shell terminal and run "ping
14.215.177.39" command on another shell terminal, i got the following
warning and :
> warning: ./myintel.txt/Input::READER_ASCII: Did not find requested field indicator in input data file ./myintel.txt.
Keep in mind that the header has to be tab-separated. Furthermore, the
default seen scripts report only IPs of established TCP connections (see
https://github.com/bro/bro/blob/master/scripts/policy/frameworks/intel/seen/conn-established.bro).
Jan
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180903/5ef41fad/attachment.html
More information about the Bro
mailing list