Hi,
I don't know why, but giving tcp before local in the command does not give the redef error. I used
bro -r trace1.tcpdump tcp local
Then I edited local.bro again, adding 2 more lines
redef local_nets: set[subnet] = {
a.b.c.d/24,
};
@load brolite
@load brolite-sigs
I tried the same command, but it gives more run-time compilation errors:
964800422.648548 run-time error: error compiling pattern
/usr/local/bro//policy/worm.bro, line 23: run-time error: error compiling pattern /^?.*(.id[aq]?.*XXXXXXXXXXXXX)/
/usr/local/bro//policy/brolite.bro, line 138: run-time error: error compiling pattern /^?.*(.*exe)
/usr/local/bro//policy/smtp.bro, line 281: run-time error: error compiling pattern /^?.(<( |\t))/
/usr/local/bro//policy/irc.bro, line 60: run-time error: error compiling pattern
/usr/local/bro//policy/login.bro, line 141: run-time error: error compiling pattern /^?.*(.Trojaning in progress.)/
In the same way for ftp, portmapper, hot-ids, http-request.bro too…
To solve the run-time compilation errors, I saw in the wiki to delete a few files and build again with make,
but no luck…
Please help to resolve this issue.
Thanks
–uday