[Bro] Notice and Sumstats and how to whitelist IPs

Azoff, Justin S jazoff at illinois.edu
Thu Sep 6 15:44:58 PDT 2018


> On Sep 6, 2018, at 6:24 PM, Dillon Murphy <DMurphy at lfcu.com> wrote:
> 
> Hey Justin,
>  
> It looks like half the script is being removed every time I send it. Here is the other half.

No.. I got that part.

By itself, the script that you posted does not do anything.

That check_icmp function is never called and may as well not exist; that's why nothing you put in there is
changing the result.

You have another script that is also calling

    SumStats::observe("Messages",...)

which is what is causing all the confusion.  You should not use "Messages" as the stream name, and you should absolutely not
use the same stream name in two different unrelated scripts.

— 
Justin Azoff
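
An added example, not part of the original message or of either poster's script: a minimal Bro script in which the observation is made from an event handler that Bro actually raises, and the SumStats stream name is unique to this one script. The module name ICMPCount, the stream name, the whitelist subnet, the threshold and the choice of icmp_echo_request are assumptions made for illustration.

```bro
@load base/frameworks/sumstats
@load base/frameworks/notice

module ICMPCount;

export {
    redef enum Notice::Type += { Excessive_ICMP };

    # Constructed sample values; redef these in local.bro.
    const whitelist: set[subnet] = { 192.0.2.0/24 } &redef;
    const threshold = 100.0 &redef;
}

# Stream name used by this script only. A generic name such as "Messages"
# shared with another script mixes unrelated observations into one stream.
const stream_name = "icmpcount.echo_request";

# An event handler is run by Bro itself. A plain function containing the
# same code would do nothing unless something called it.
event icmp_echo_request(c: connection, icmp: icmp_conn, id: count,
                        seq: count, payload: string)
    {
    # Whitelisted sources are dropped before they reach SumStats,
    # so they never count toward the threshold.
    if ( c$id$orig_h in whitelist )
        return;

    SumStats::observe(stream_name, [$host=c$id$orig_h], [$num=1]);
    }

event bro_init()
    {
    local r1: SumStats::Reducer = [$stream=stream_name,
                                   $apply=set(SumStats::SUM)];

    SumStats::create([$name="icmpcount.excessive",
                      $epoch=5min,
                      $reducers=set(r1),
                      $threshold=threshold,
                      $threshold_val(key: SumStats::Key, result: SumStats::Result) =
                          { return result[stream_name]$sum; },
                      $threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
                          {
                          NOTICE([$note=Excessive_ICMP, $src=key$host,
                                  $msg=fmt("%s sent %.0f ICMP echo requests",
                                           key$host, result[stream_name]$sum)]);
                          }]);
    }
```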




