event protocol_confirmation(c: connection, atype: Analyzer::Tag, aid: count)
local service_id = split_string_all("a-b--cd", /(-)+/);
Executing this script fails with "unknown identifier split_string_all, at or near “split_string_all””.
The split_string_all command is taken directly from the documentation: https://www.bro.org/sphinx/scripts/base/bif/strings.bif.bro.html#id-split_string_all
split_string_all() was introduced with 2.4, 2.3 doesn't have it.
That would indeed cause an error! I installed from the git repository last week using the instructions in the document, and thought I was getting the latest and greatest release. Do I need to go elsewhere for 2.4?
That should indeed get you the latest version, although you selected
2.3 as the version with the ticket? What does "bro -v" say?
I checked on the install. It turns out that the previous version had not been removed, and I was still using it – the classic PICNIC error
Tomorrow, I'll try the correct executable.