Flags need to come before policy scripts. It's interpreting "-w" and
"/home/zw/bro09171617.dump" as scripts to interpret. I would've expected
it to stop by saying "error: can't open -w" (that's what it does for me),
unless you happen to have a file "-w" in your Bro searchpath. Do you
have such a file? Can you send me the tcpdump trace file, so I can see
if I can reproduce this?
Hi Vern,
I ran the following command, without setting the "-w" switch, and it still generated the output.
So I feel very confused.
[cliff@oradata bro-pub-0.9a3]$ ./bro mt -i eth0
input in flex scanner failed
[cliff@oradata bro-pub-0.9a3]$ ./bro -i eth0 mt
input in flex scanner failed
mt.bro is as follows:
# $Id: mt.bro,v 1.1.1.1 2004/04/30 00:31:28 jason Exp $