Hi
Does bro_init event stop before the other events are started? I have a init script, which removes some of ip addresses from monitoring, but am still getting detections for them (which is bad). J
The datastructure is checked in “event new_connections()” for matches. The unwanted detection events only seems to happen in the very first moments after starting Bro, so I’m assuming that the problem occours because the rules are not yet in my datastructure, but could of course be wrong.
If bro_init does not (as default) finish before other events are accepted, is there a way to force bro_init to finish first?
Thanks for any help,
Mirko