Bro 1.4, sinatures.bro policy warning

Hello Robin,

When using bro on offline mode and loading signatures.bro policy I get the following warning

suse:/usr/local/bro # export BROPATH="/usr/local/bro/site:/usr/local/bro/share/bro"
suse:/usr/local/bro # export BROHOME="/usr/local/bro"
suse:/usr/local/bro # bro -r /tmp/trace.pcap signatures
line 1: warning: event handlers never invoked:
line 1: warning: Drop::restore_dropped_address

BROPATH to points at the new policy folder.

It happens with every trace I've tried, but just in case here I'm attaching the sample used on the example.

Also I noticed there is no longer a 'site' folder. Where would be the right place to place our host-specific Bro policy file?

Best Regards


trace.pcap (920 Bytes)