[Bro-Dev] Hui Lin_can I directly call linux shell script within event handler

Matthias Vallentin vallentin at icir.org
Sun Nov 27 20:42:14 PST 2011


> Within Bro's event handler, can I use bro's script to call Linux shell
> script or perl script directly?

You can use Bro's system function to execute an arbitrary command:

    system(s: string): int

        Invokes a command via the system function. Returns true if the
        return value of system was non-zero. Returns the return value
        from the system() call. Note that this corresponds to the status
        of backgrounding the given command, not to the exit status of
        the command itself. A value of 127 corresponds to a failure to
        execute sh, and -1 to an internal system failure. Furthermore,
        the command is run in the background with stdout redirected to
        stderr.

It is a good idea to call

    str_shell_escape(source: string): string

on the argument to system.

    Matthias
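
The following sketch is an added example, not part of the original message: an event handler that passes wire-derived data to an external script through `system`, escaping it with `str_shell_escape` first. The script path `/usr/local/bin/notify.sh` and the constant `notify_script` are hypothetical, and placing the escaped values inside double quotes assumes `str_shell_escape` backslash-escapes the characters that remain special there.

```bro
# Hypothetical helper script; point this at your own.
const notify_script = "/usr/local/bin/notify.sh" &redef;

event http_request(c: connection, method: string, original_URI: string,
                   unescaped_URI: string, version: string)
    {
    # original_URI comes straight off the wire, so it is untrusted input.
    # Escape every interpolated value and keep it inside double quotes
    # (assumption: str_shell_escape neutralises the characters that are
    # still special inside a double-quoted shell word).
    local cmd = fmt("%s \"%s\" \"%s\"", notify_script,
                    str_shell_escape(fmt("%s", c$id$orig_h)),
                    str_shell_escape(original_URI));

    local rc = system(cmd);

    # As described above, rc reports on backgrounding the command,
    # not on the exit status of the script itself.
    if ( rc == 127 )
        print fmt("system: failed to execute sh for %s", notify_script);
    else if ( rc == -1 )
        print fmt("system: internal failure launching %s", notify_script);
    }
```

Because the command runs in the background, the script has to report its own result (for example by writing a log file) if the outcome matters.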

