vitalyrepin / uap-bro

User Agent Parser - Bro implementation based on uap-core
BSD 3-Clause "New" or "Revised" License

which log file should the generated log be? #2

Closed yhgcn closed 6 years ago

yhgcn commented 6 years ago

Excuse me, where is `uap_core_regex_path` configured, and in which log file should the generated log be?

```
root@ubuntu:/usr/local/bro-2.5.4# broctl check
bro scripts are ok.
root@ubuntu:/usr/local/bro-2.5.4# broctl status
Name         Type       Host          Status    Pid    Started
bro          standalone localhost     running   21179  22 Jun 10:05:27
root@ubuntu:/usr/local/bro-2.5.4# broctl diag
[bro]

No core file found and gdb is not installed.  It is recommended to install gdb so that BroControl can output a backtrace if Bro crashes.

Bro 2.5.4
Linux 4.4.0-128-generic

Bro plugins:
VR::UAP - User Agent Parser - Bro implementation based on uap-core (dynamic, version 0.1)

==== No reporter.log

==== stderr.log
listening on ens33

==== stdout.log
max memory size         (kbytes, -m) unlimited
data seg size           (kbytes, -d) unlimited
virtual memory          (kbytes, -v) unlimited
core file size          (blocks, -c) unlimited

==== .cmdline
-i ens33 -U .status -p broctl -p broctl-live -p standalone -p local -p bro local.bro broctl broctl/standalone broctl/auto

==== .env_vars
PATH=/usr/local/bro-2.5.4/bin:/usr/local/bro-2.5.4/share/broctl/scripts:/usr/local/bro/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games
BROPATH=/usr/local/bro-2.5.4/spool/installed-scripts-do-not-touch/site::/usr/local/bro-2.5.4/spool/installed-scripts-do-not-touch/auto:/usr/local/bro-2.5.4/share/bro:/usr/local/bro-2.5.4/share/bro/policy:/usr/local/bro-2.5.4/share/bro/site
CLUSTER_NODE=

==== .status
RUNNING [net_run]

==== No prof.log

==== packet_filter.log
#separator \x09
#set_separator  ,
#empty_field    (empty)
#unset_field    -
#path   packet_filter
#open   2018-06-22-10-31-26
#fields ts      node    filter  init    success
#types  time    string  string  bool    bool
1529688686.714674       bro     ip or not ip    T       T
```

```
==== loaded_scripts.log
#separator \x09
#set_separator  ,
#empty_field    (empty)
#unset_field    -
#path   loaded_scripts
#open   2018-06-22-10-31-26
#fields name
#types  string
```

/usr/local/bro-2.5.4/share/bro/base/init-bare.bro /usr/local/bro-2.5.4/share/bro/base/bif/const.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/types.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/strings.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/bro.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/reporter.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SNMP.types.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_KRB.types.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/event.bif.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/broker/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/broker/main.bro /usr/local/bro-2.5.4/share/bro/base/bif/comm.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/messaging.bif.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/broker/store.bro /usr/local/bro-2.5.4/share/bro/base/bif/data.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/store.bif.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/logging/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/logging/main.bro /usr/local/bro-2.5.4/share/bro/base/bif/logging.bif.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/logging/postprocessors/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/logging/postprocessors/scp.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/logging/postprocessors/sftp.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/logging/writers/ascii.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/logging/writers/sqlite.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/logging/writers/none.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/input/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/input/main.bro /usr/local/bro-2.5.4/share/bro/base/bif/input.bif.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/input/readers/ascii.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/input/readers/raw.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/input/readers/benchmark.bro 
/usr/local/bro-2.5.4/share/bro/base/frameworks/input/readers/binary.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/input/readers/sqlite.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/analyzer/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/analyzer/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/packet-filter/utils.bro /usr/local/bro-2.5.4/share/bro/base/bif/analyzer.bif.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/files/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/files/main.bro /usr/local/bro-2.5.4/share/bro/base/bif/file_analysis.bif.bro /usr/local/bro-2.5.4/share/bro/base/utils/site.bro /usr/local/bro-2.5.4/share/bro/base/utils/patterns.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/files/magic/load.bro /usr/local/bro-2.5.4/share/bro/base/bif/load.bro /usr/local/bro-2.5.4/share/bro/base/bif/stats.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/broxygen.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/pcap.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/bloom-filter.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/cardinality-counter.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/top-k.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/load.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_ARP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_BackDoor.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_BitTorrent.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_ConnSize.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_ConnSize.functions.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_DCE_RPC.consts.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_DCE_RPC.types.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_DCE_RPC.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_DHCP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_DNP3.events.bif.bro 
/usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_DNS.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_File.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_Finger.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_FTP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_FTP.functions.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_Gnutella.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_GSSAPI.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_GTPv1.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_HTTP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_HTTP.functions.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_ICMP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_Ident.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_IMAP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_InterConn.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_IRC.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_KRB.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_Login.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_Login.functions.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_MIME.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_Modbus.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_MySQL.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_NCP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_NCP.consts.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_NetBIOS.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_NetBIOS.functions.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_NTLM.types.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_NTLM.events.bif.bro 
/usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_NTP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_POP3.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_RADIUS.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_RDP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_RDP.types.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_RFB.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_RPC.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SIP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SNMP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_check_directory.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_close.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_create_directory.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_echo.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_logoff_andx.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_negotiate.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_nt_create_andx.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_nt_cancel.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_query_information.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_read_andx.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_session_setup_andx.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_transaction.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_transaction2.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_tree_connect_andx.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_tree_disconnect.bif.bro 
/usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_com_write_andx.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb1_events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb2_com_close.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb2_com_create.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb2_com_negotiate.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb2_com_read.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb2_com_session_setup.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb2_com_set_info.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb2_com_tree_connect.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb2_com_tree_disconnect.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb2_com_write.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.smb2_events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.consts.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMB.types.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMTP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SMTP.functions.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SOCKS.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SSH.types.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SSH.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SSL.types.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SSL.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SSL.functions.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SteppingStone.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_Syslog.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_TCP.events.bif.bro 
/usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_TCP.functions.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_Teredo.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_UDP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_XMPP.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_FileEntropy.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_FileExtract.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_FileExtract.functions.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_FileHash.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_PE.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_Unified2.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_Unified2.types.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_X509.events.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_X509.types.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_X509.functions.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_AsciiReader.ascii.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_BenchmarkReader.benchmark.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_BinaryReader.binary.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_RawReader.raw.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_SQLiteReader.sqlite.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_AsciiWriter.ascii.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/Bro_NoneWriter.none.bif.bro /usr/local/bro-2.5.4/share/bro/base/bif/plugins/BroSQLiteWriter.sqlite.bif.bro **/usr/local/bro-2.5.4/lib/bro/plugins/packages/uap-bro/scripts/preload.bro /usr/local/bro-2.5.4/lib/bro/plugins/packages/uap-bro/scripts/types.bro /usr/local/bro-2.5.4/lib/bro/plugins/packages/uap-bro/lib/bif/load.bro /usr/local/bro-2.5.4/lib/bro/plugins/packages/uap-bro/lib/bif/uap.bif.bro 
/usr/local/bro-2.5.4/lib/bro/plugins/packages/uap-bro/lib/bif/types.bif.bro /usr/local/bro-2.5.4/lib/bro/plugins/packages/uap-bro/scripts/load.bro /usr/local/bro-2.5.4/lib/bro/plugins/packages/uap-bro/scripts/init.bro /usr/local/bro-2.5.4/lib/bro/plugins/packages/uap-bro/scripts/uap-utils.bro_** /usr/local/bro-2.5.4/share/bro/base/init-default.bro /usr/local/bro-2.5.4/share/bro/base/utils/active-http.bro /usr/local/bro-2.5.4/share/bro/base/utils/exec.bro /usr/local/bro-2.5.4/share/bro/base/utils/addrs.bro /usr/local/bro-2.5.4/share/bro/base/utils/conn-ids.bro /usr/local/bro-2.5.4/share/bro/base/utils/dir.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/reporter/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/reporter/main.bro /usr/local/bro-2.5.4/share/bro/base/utils/paths.bro /usr/local/bro-2.5.4/share/bro/base/utils/directions-and-hosts.bro /usr/local/bro-2.5.4/share/bro/base/utils/email.bro /usr/local/bro-2.5.4/share/bro/base/utils/files.bro /usr/local/bro-2.5.4/share/bro/base/utils/geoip-distance.bro /usr/local/bro-2.5.4/share/bro/base/utils/numbers.bro /usr/local/bro-2.5.4/share/bro/base/utils/queue.bro /usr/local/bro-2.5.4/share/bro/base/utils/strings.bro /usr/local/bro-2.5.4/share/bro/base/utils/thresholds.bro /usr/local/bro-2.5.4/share/bro/base/utils/time.bro /usr/local/bro-2.5.4/share/bro/base/utils/urls.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/notice/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/notice/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/notice/weird.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/notice/actions/drop.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/types.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/plugin.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/plugins/load.bro 
/usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/plugins/debug.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/plugins/openflow.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/openflow/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/openflow/consts.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/openflow/types.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/openflow/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/openflow/plugins/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/openflow/plugins/ryu.bro /usr/local/bro-2.5.4/share/bro/base/utils/json.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/openflow/plugins/log.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/openflow/plugins/broker.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/cluster/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/cluster/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/control/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/control/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/openflow/non-cluster.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/plugins/packetfilter.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/plugins/broker.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/plugins/acld.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/drop.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/shunt.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/catch-and-release.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/netcontrol/non-cluster.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/notice/actions/email_admin.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/notice/actions/page.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/notice/actions/add-geodata.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/notice/extend-email/hostnames.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/notice/non-cluster.bro 
/usr/local/bro-2.5.4/share/bro/base/frameworks/notice/actions/pp-alarms.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/dpd/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/dpd/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/signatures/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/signatures/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/packet-filter/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/packet-filter/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/packet-filter/netstats.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/software/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/software/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/communication/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/communication/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/intel/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/intel/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/intel/files.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/intel/input.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/main.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/average.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/hll_unique.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/last.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/max.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/min.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/sample.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/std-dev.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/variance.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/sum.bro 
/usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/topk.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/plugins/unique.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/sumstats/non-cluster.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/tunnels/load.bro /usr/local/bro-2.5.4/share/bro/base/frameworks/tunnels/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/conn/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/conn/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/conn/contents.bro /usr/local/bro-2.5.4/share/bro/base/protocols/conn/inactivity.bro /usr/local/bro-2.5.4/share/bro/base/protocols/conn/polling.bro /usr/local/bro-2.5.4/share/bro/base/protocols/conn/thresholds.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dce-rpc/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dce-rpc/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dce-rpc/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dhcp/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dhcp/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dhcp/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dhcp/utils.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dnp3/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dnp3/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dnp3/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dns/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dns/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/dns/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ftp/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ftp/utils-commands.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ftp/info.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ftp/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ftp/utils.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ftp/files.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ftp/gridftp.bro 
/usr/local/bro-2.5.4/share/bro/base/protocols/ssl/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ssl/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ssl/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ssl/mozilla-ca-list.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ssl/files.bro /usr/local/bro-2.5.4/share/bro/base/files/x509/load.bro /usr/local/bro-2.5.4/share/bro/base/files/x509/main.bro /usr/local/bro-2.5.4/share/bro/base/files/hash/load.bro /usr/local/bro-2.5.4/share/bro/base/files/hash/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/http/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/http/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/http/entities.bro /usr/local/bro-2.5.4/share/bro/base/protocols/http/utils.bro /usr/local/bro-2.5.4/share/bro/base/protocols/http/files.bro /usr/local/bro-2.5.4/share/bro/base/protocols/imap/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/imap/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/irc/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/irc/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/irc/dcc-send.bro /usr/local/bro-2.5.4/share/bro/base/protocols/irc/files.bro /usr/local/bro-2.5.4/share/bro/base/protocols/krb/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/krb/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/krb/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/krb/files.bro /usr/local/bro-2.5.4/share/bro/base/protocols/modbus/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/modbus/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/modbus/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/mysql/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/mysql/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/mysql/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ntlm/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ntlm/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/smb/load.bro 
/usr/local/bro-2.5.4/share/bro/base/protocols/smb/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/smb/const-dos-error.bro /usr/local/bro-2.5.4/share/bro/base/protocols/smb/const-nt-status.bro /usr/local/bro-2.5.4/share/bro/base/protocols/pop3/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/radius/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/radius/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/radius/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/rdp/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/rdp/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/rdp/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/rfb/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/rfb/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/sip/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/sip/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/snmp/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/snmp/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/smtp/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/smtp/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/smtp/entities.bro /usr/local/bro-2.5.4/share/bro/base/protocols/smtp/files.bro /usr/local/bro-2.5.4/share/bro/base/protocols/socks/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/socks/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/socks/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ssh/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/ssh/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/syslog/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/syslog/consts.bro /usr/local/bro-2.5.4/share/bro/base/protocols/syslog/main.bro /usr/local/bro-2.5.4/share/bro/base/protocols/tunnels/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/xmpp/load.bro /usr/local/bro-2.5.4/share/bro/base/protocols/xmpp/main.bro /usr/local/bro-2.5.4/share/bro/base/files/pe/load.bro 
/usr/local/bro-2.5.4/share/bro/base/files/pe/consts.bro /usr/local/bro-2.5.4/share/bro/base/files/pe/main.bro /usr/local/bro-2.5.4/share/bro/base/files/extract/load.bro /usr/local/bro-2.5.4/share/bro/base/files/extract/main.bro /usr/local/bro-2.5.4/share/bro/base/files/unified2/load.bro /usr/local/bro-2.5.4/share/bro/base/files/unified2/main.bro /usr/local/bro-2.5.4/share/bro/base/misc/find-checksum-offloading.bro /usr/local/bro-2.5.4/share/bro/base/misc/find-filtered-trace.bro /usr/local/bro-2.5.4/share/bro/base/misc/version.bro /usr/local/bro-2.5.4/spool/installed-scripts-do-not-touch/site/local.bro /usr/local/bro-2.5.4/share/bro/policy/misc/loaded-scripts.bro /usr/local/bro-2.5.4/share/bro/policy/tuning/defaults/load.bro /usr/local/bro-2.5.4/share/bro/policy/tuning/defaults/packet-fragments.bro /usr/local/bro-2.5.4/share/bro/policy/tuning/defaults/warnings.bro /usr/local/bro-2.5.4/share/bro/policy/tuning/defaults/extracted_file_limits.bro /usr/local/bro-2.5.4/share/bro/policy/misc/capture-loss.bro /usr/local/bro-2.5.4/share/bro/policy/misc/stats.bro /usr/local/bro-2.5.4/share/bro/policy/misc/scan.bro /usr/local/bro-2.5.4/share/bro/policy/frameworks/software/vulnerable.bro /usr/local/bro-2.5.4/share/bro/policy/frameworks/software/version-changes.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/ftp/software.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/smtp/software.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/ssh/software.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/http/software.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/dns/detect-external-names.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/ftp/detect.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/conn/known-hosts.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/conn/known-services.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/ssl/known-certs.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/ssl/validate-certs.bro 
/usr/local/bro-2.5.4/share/bro/policy/protocols/ssl/log-hostcerts-only.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/ssh/geo-data.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/ssh/detect-bruteforcing.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/ssh/interesting-hostnames.bro /usr/local/bro-2.5.4/share/bro/policy/protocols/http/detect-sqli.bro /usr/local/bro-2.5.4/share/bro/policy/frameworks/files/hash-all-files.bro /usr/local/bro-2.5.4/share/bro/policy/frameworks/files/detect-MHR.bro /usr/local/bro-2.5.4/share/bro/broctl/load.bro /usr/local/bro-2.5.4/share/bro/broctl/main.bro /usr/local/bro-2.5.4/share/bro/policy/frameworks/control/controllee.bro /usr/local/bro-2.5.4/share/bro/policy/frameworks/communication/listen.bro /usr/local/bro-2.5.4/share/bro/broctl/standalone.bro /usr/local/bro-2.5.4/spool/installed-scripts-do-not-touch/auto/standalone-layout.bro /usr/local/bro-2.5.4/share/bro/policy/misc/trim-trace-file.bro /usr/local/bro-2.5.4/share/bro/broctl/auto.bro /usr/local/bro-2.5.4/spool/installed-scripts-do-not-touch/auto/local-networks.bro /usr/local/bro-2.5.4/spool/installed-scripts-do-not-touch/auto/broctl-config.bro

vitalyrepin commented 6 years ago

Hello, `uap_core_regex_path` is defined in the file scripts/init.bro. But you are not expected to modify it in order for this plugin to work, as by default it points to the regexes.yaml file bundled with this package (located in the same directory, "scripts").

This plugin does not generate any logs by itself. It exposes an API which you are expected to use in order to parse user-agent strings (check the README for the API description). E.g., you can use this API from the http_message_done event handler (c$http$user_agent is the string with the unparsed user agent there).
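To make the answer above concrete, here is an added example of the wiring it describes; it is not code from the uap-bro project or from either participant in this thread. It defines a log stream of its own, so the parsed result ends up in a `user_agent.log` next to `http.log`, and calls the parser from `http_message_done`. The parser call (`UAP::parse`) and the fields read from its result (`ua$family`, `ua$major`, `os$family`, `device$family`) are placeholders chosen for illustration: take the real function and record names from the plugin's README. Everything else (`Log::create_stream`, `Log::write`, `http_message_done`, `c$http$user_agent`) is standard Bro 2.5 scripting.

```bro
# Added example, not part of uap-bro. Writes parsed User-Agent data to a
# log stream of our own, because the plugin itself writes no log.
#
# ASSUMPTION: `UAP::parse` and the result fields `ua$family`, `ua$major`,
# `os$family`, `device$family` are placeholder names; substitute the
# function and record names documented in the uap-bro README.

module UA_Log;

export {
    # Registers the new stream; Bro derives the file name from $path below.
    redef enum Log::ID += { LOG };

    type Info: record {
        ts:            time    &log;
        uid:           string  &log;
        id:            conn_id &log;
        raw_ua:        string  &log;
        browser:       string  &log &optional;
        browser_major: string  &log &optional;
        os:            string  &log &optional;
        device:        string  &log &optional;
    };
}

event bro_init() &priority=5
    {
    # Produces user_agent.log: under broctl it lives in spool/bro/ while
    # the node runs and is rotated into logs/<YYYY-MM-DD>/ afterwards.
    Log::create_stream(UA_Log::LOG, [$columns=Info, $path="user_agent"]);
    }

event http_message_done(c: connection, is_orig: bool, stat: http_message_stat)
    {
    # Only the client side of the transaction carries a User-Agent header,
    # and the field is optional in HTTP::Info, so guard before reading it.
    if ( ! is_orig || ! c?$http || ! c$http?$user_agent )
        return;

    local rec: Info = [$ts=network_time(), $uid=c$uid, $id=c$id,
                       $raw_ua=c$http$user_agent];

    # ASSUMED API: replace with the parser call from the README.
    local parsed = UAP::parse(c$http$user_agent);
    rec$browser       = parsed$ua$family;
    rec$browser_major = parsed$ua$major;
    rec$os            = parsed$os$family;
    rec$device        = parsed$device$family;

    Log::write(UA_Log::LOG, rec);
    }
```

Put the script in the site directory next to local.bro, `@load` it from local.bro, and run `broctl deploy`. The plugin's own scripts need no `@load` of their own: the loaded_scripts.log in the diag output above shows preload.bro, init.bro and uap-utils.bro being picked up automatically from lib/bro/plugins/packages/uap-bro. Two practical points: the User-Agent header is client-controlled input and the parser runs the regex list from regexes.yaml against it on every request, so on a busy link cache results per distinct string (a `table[string]` with `&create_expire`) rather than re-parsing the same value thousands of times; and keep `raw_ua` in the log, since the parsed fields are only as good as the regex file and the original string is what you will need when a parse looks wrong.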