[Bro] Warning of "did not find requested field indicator" from intelligence data file

wangdj at ffcs.cn wangdj at ffcs.cn
Mon Sep 3 02:56:49 PDT 2018


Hi Jan,

Thanks for your reply. 
The header in myintel.txt file is tab-separated.  I will check the the second reason you told.

Best Regards


DeJin Wang
 
From: Jan Grashöfer
Date: 2018-08-28 17:01
To: bro
Subject: Re: [Bro] Warning of "did not find requested field indicator" from intelligence data file
On 27/08/18 10:10, wangdj at ffcs.cn wrote:> when i run this script with 
command "./bro -i eth3 mytest" on a shell terminal and run "ping 
14.215.177.39"  command on another shell terminal, i  got the following 
warning and :
> warning: ./myintel.txt/Input::READER_ASCII: Did not find requested field indicator in input data file ./myintel.txt.
 
Keep in mind that the header has to be tab-separated. Furthermore, the 
default seen scripts report only IPs of established TCP connections (see 
https://github.com/bro/bro/blob/master/scripts/policy/frameworks/intel/seen/conn-established.bro).
 
Jan
_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20180903/5ef41fad/attachment.html 


More information about the Bro mailing list