[Bro] Notice and Sumstats and how to whitelist IPs

Dillon Murphy DMurphy at lfcu.com
Fri Sep 7 13:58:49 PDT 2018


I see. I forgot to add the ICMP event. I don’t know about the SumStats::observe("Messages"). I'll have to check on that. 

Thank you very much for your help, Justin!! 

Dillon Murphy


-----Original Message-----
From: Azoff, Justin S <jazoff at illinois.edu> 
Sent: Thursday, September 06, 2018 3:45 PM
To: Dillon Murphy <DMurphy at lfcu.com>
Cc: bro at bro.org
Subject: Re: [Bro] Notice and Sumstats and how to whitelist IPs


> On Sep 6, 2018, at 6:24 PM, Dillon Murphy <DMurphy at lfcu.com> wrote:
> 
> Hey Justin,
>  
> It looks like half the script is being removed every time I send it. Here is the other half.

No.. I got that part.

By itself, the script that you posted does not do anything.

That check_icmp function is never called and may as well not exist; that's why nothing you put in there is changing the result.

You have another script that is also calling

    SumStats::observe("Messages",...)

which is what is causing all the confusion. You should not use "Messages" as the stream name, and you should absolutely not use the same stream name in two different unrelated scripts.

—
Justin Azoff
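The two points Justin makes above (the check function has to be called from an event handler, and the SumStats stream name must be unique to the script) are shown together in the following script. It is an added example, not code from the thread or from the Bro project; the module name, the stream name `icmp_rate_example.echo_requests`, the notice type, the threshold and the whitelist addresses are all made-up values, and the `icmp_echo_request` signature is the Bro 2.x one.

```zeek
##! Added example (not from the thread): one self-contained Bro script that
##! counts ICMP echo requests per source host with SumStats, skips a whitelist
##! of addresses, and raises a notice when a host crosses a threshold.
##! Module name, stream name, threshold and whitelist contents are assumptions.

@load base/frameworks/notice
@load base/frameworks/sumstats

module ICMPRateExample;

export {
    redef enum Notice::Type += {
        ## Raised when one source sends more echo requests than the threshold
        ## allows within one epoch (hypothetical notice type).
        ICMP_Echo_Rate
    };

    ## Hosts that are never counted (constructed sample values; override with redef).
    const whitelist: set[addr] = { 192.0.2.10, 192.0.2.11 } &redef;

    ## Echo requests per host per epoch before a notice fires (assumed value).
    const echo_threshold: double = 100.0 &redef;

    ## Stream name unique to this script, so it cannot collide with a
    ## SumStats::observe() call for a stream such as "Messages" elsewhere.
    const stream_name: string = "icmp_rate_example.echo_requests";
}

event bro_init()
    {
    # One reducer, one stream: every observation is an integer count to be summed.
    local r = SumStats::Reducer($stream=stream_name, $apply=set(SumStats::SUM));

    SumStats::create([$name="icmp_rate_example",
                      $epoch=1min,
                      $reducers=set(r),
                      $threshold=echo_threshold,
                      # The value compared against $threshold: the per-key sum.
                      $threshold_val(key: SumStats::Key, result: SumStats::Result) =
                          {
                          return result[stream_name]$sum;
                          },
                      $threshold_crossed(key: SumStats::Key, result: SumStats::Result) =
                          {
                          NOTICE([$note=ICMP_Echo_Rate,
                                  $src=key$host,
                                  $msg=fmt("%s sent %.0f ICMP echo requests in one epoch",
                                           key$host, result[stream_name]$sum),
                                  $identifier=cat(key$host)]);
                          }]);
    }

# The check is a plain function: it only runs when an event handler calls it.
function check_icmp(c: connection)
    {
    if ( c$id$orig_h in whitelist )
        return;

    # Observe on this script's own stream, never on a shared name like "Messages".
    SumStats::observe(stream_name, [$host=c$id$orig_h], [$num=1]);
    }

# Wire the function to the ICMP event (Bro 2.x signature; Zeek 3 and later
# pass icmp_info instead of icmp_conn).
event icmp_echo_request(c: connection, icmp: icmp_conn, id: count, seq: count, payload: string)
    {
    check_icmp(c);
    }
```

Keeping the stream name in a single constant and using it in both the reducer and the `SumStats::observe()` call is what prevents the mismatch in the thread: if another script observes on a different stream, its counts never land in this reducer, and if this script's handler is not wired to an event, no observation is ever made at all.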
