Got a lot of ERROR in report log for the smtp. "....Reporter::ERROR field value missing [SMTPurl::c$smtp$from] ....." Is that some way to ignore this record?
-Jim
Jim,
It's normally best to prevent these errors by checking to determine if the value exists before using it.
For example:
if ( c$smtp?$from )
## do stuff
Lots of errors within Bro scripts can cause some pretty interesting problems with your cluster.
Great Thanks,
-Jim
In your scripts, you can (and should) check the existence of optional values (like from in smtp) using the ?$ operator.
In this case, if c$smtp?$from returns true, the field is set and you can access it.
Johanna