Binpac exception

I added the below to remove syslog from getting logged in my local.bro, and I do not have a syslog.log as wanted:

event bro_init()

However I am seeing a large amount of the below in weird.log:

1405648595.773644 Comss94xWJf5CHpgnl 54619 514 binpac exception: string mismatch at /bro-2.3/src/analyzer/protocol/syslog/syslog-protocol.pac:8: \x0aexpected pattern: "[[:digit:]]+"\x0aactual data: "syslog message here" - F bro

My start line:

/usr/local/bin/bro --no-checksums -i eth0 local "Site::local_nets += { }"

Is there a way I can troubleshoot this? Thank you.


Hi James,

Try adding this to your local.bro:

event bro_init() {

This will disable the analyzer, while the code you tried will just disable the syslog.log output.

Hope that helps,


Thanks Vlad…I’ll give that a go.
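
To see which senders and ports are producing the parse failures before or after changing local.bro, the weird.log entries can be grouped by analyzer, sending host and responder port. This is an added example, not code from the posts above; it assumes the default tab-separated weird.log column order, and the IP addresses and all sample rows beyond the quoted message are constructed.

```python
import posixpath
import re
from collections import Counter

# weird.log columns, assumed to be the default tab-separated Bro 2.3 layout.
FIELDS = ["ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p",
          "name", "addl", "notice", "peer"]

# Shape of the weird name quoted in the thread; "\x0a" is literal text in the log.
BINPAC = re.compile(
    r'^binpac exception: (?P<kind>.+?) at (?P<pac>\S+\.pac):(?P<line>\d+): '
    r'\\x0aexpected pattern: "(?P<expected>.*?)"\\x0aactual data: "(?P<actual>.*)"$')

_NAME = (r'binpac exception: string mismatch at '
         r'/bro-2.3/src/analyzer/protocol/syslog/syslog-protocol.pac:8: '
         r'\x0aexpected pattern: "[[:digit:]]+"\x0aactual data: "%s"')

def _row(ts, uid, orig_h, orig_p, resp_h, resp_p, name):
    return "\t".join([ts, uid, orig_h, orig_p, resp_h, resp_p, name, "-", "F", "bro"])

# Constructed sample rows; addresses are documentation ranges, not from the thread.
SAMPLE = "\n".join([
    "#fields\t" + "\t".join(FIELDS),
    _row("1405648595.773644", "Comss94xWJf5CHpgnl", "192.0.2.10", "54619",
         "198.51.100.5", "514", _NAME % "syslog message here"),
    _row("1405648596.100000", "CexampleUid000002", "192.0.2.10", "54620",
         "198.51.100.5", "514", _NAME % "another message"),
    _row("1405648597.200000", "CexampleUid000003", "192.0.2.22", "40000",
         "198.51.100.5", "514", _NAME % "third message"),
    _row("1405648598.300000", "CexampleUid000004", "192.0.2.30", "33000",
         "198.51.100.9", "53", "dns_unmatched_reply"),
])

def parse_weird(text):
    """Yield a dict for each binpac-exception row; skip headers and other weirds."""
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        rec = dict(zip(FIELDS, line.split("\t")))
        m = BINPAC.match(rec.get("name", ""))
        if m:
            rec.update(m.groupdict())
            rec["analyzer"] = posixpath.basename(posixpath.dirname(rec["pac"]))  # e.g. "syslog"
            yield rec

def summarize(text):
    """Count parse failures per (analyzer, sending host, responder port)."""
    return Counter((r["analyzer"], r["id.orig_h"], r["id.resp_p"]) for r in parse_weird(text))
```

Passing the contents of weird.log to summarize() returns a Counter; a count that drops to zero for an analyzer after a configuration change shows the analyzer is no longer being attached to that traffic.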