Hi,

I dont know why but giving tcp before local in command not giving redef error. I used

bro -r trace1.tcpdump tcp local

Then again edited local.bro adding 2 more lines

redef local_nets: set[subnet] = {
a.b.c.d/24,
};

@load brolite
@load brolite-sigs

I tried the same command but giving more run time compilation errors

964800422.648548 run-time error: error compiling pattern

/usr/local/bro//policy/worm.bro, line 23: run-time error: error compiling pattern /^?.*(.id[aq]?.*XXXXXXXXXXXXX)/

/usr/local/bro//policy/brolite.bro, line 138: run-time error: error compiling pattern /^?.*(.*exe)

/usr/local/bro//policy/smtp.bro, line 281: run-time error: error compiling pattern /^?.(<( |\t))/

/usr/local/bro//policy/irc.bro, line 60: run-time error: error compiling pattern

/usr/local/bro//policy/login.bro, line 141: run-time error: error compiling pattern /^?.*(.Trojaning in progress.)/

in the same way ftp, portmapper. hot-ids, http-request.bro too…

To solve run time compilation errors I saw in wiki to delete few files and build again with make.

but no luck…

Plz help to resolve this issue.

Thanks

–uday