[Bro-Dev] Feedback on configuration framework implementation
Azoff, Justin S
jazoff at illinois.edu
Thu Dec 7 14:11:58 PST 2017
> On Nov 29, 2017, at 5:02 PM, Johanna Amann <johanna at corelight.com> wrote:
>
> The config reader provides a way to read configuration files back into
> Bro. Most importantly it automatically converts values to the correct
> types. This is important because it is at least inconvenient (and
> sometimes near impossible) to perform the necessary type conversions in
> Bro scripts themselves. This is especially true for sets/vectors.
>
> Configuration generally looks like this:
>
> [option name][tab/spaces][new variable value]
>
> so, for example:
>
> testaddr 2607:f8b0:4005:801::200e
> testinterval 60
> testtime 1507321987
> test_set a b c d erdbeerschnitzel
>
> The reader uses the option name to look up the type that variable has in
> the Bro core and automatically converts the value to the correct type.

What are the limits of this automatic conversion?

There are currently a few use cases that are difficult to do using the input framework
when they involve loading things into a nested data structure... like a

table[subnet] of set[port]

It can be done, but requires using the input events and doing bookkeeping yourself.

Bro can serialize stuff to JSON, but I don't think we have the inverse implemented anywhere.

Could be nice to be able to lay out values using something like

port_whitelist {192.168.0.0/24: [22/tcp,80/tcp], 192.168.1.0/24: [443/tcp]}

Maybe this is more of a job for broker? I know broker can easily serialize and transfer such
a data structure over the network, is there a plain text serialization implementation too?

—
Justin Azoff
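
The following is an added example, not part of the original thread and not Bro's reader: a Python sketch of type-directed conversion for the `[option name][tab/spaces][value]` lines quoted above, extended with a strict parser for the nested `port_whitelist` layout floated in the reply. The `OPTION_TYPES` table, the function names and the use of Python are assumptions; the sample lines are the ones from the two messages.

```python
import ipaddress
import re
from datetime import datetime, timedelta, timezone
# Assumed stand-in for the option types the reader looks up in the Bro core.
OPTION_TYPES = {"testaddr": "addr", "testinterval": "interval", "testtime": "time",
                "test_set": "set[string]", "port_whitelist": "table[subnet] of set[port]"}
ENTRY = r"\s*([^\s,{}\[\]]+)\s*:\s*\[([^\]]*)\]\s*"   # one "subnet: [ports]" pair
TABLE = r"\{(?:" + ENTRY + r"(?:," + ENTRY + r")*)?\}"

def parse_port(text):
    """'22/tcp' -> (22, 'tcp'); rejects unknown protocols and ports above 65535."""
    m = re.fullmatch(r"(\d{1,5})/(tcp|udp|icmp)", text.strip())
    if not m or int(m.group(1)) > 65535:
        raise ValueError(f"bad port {text!r}")
    return int(m.group(1)), m.group(2)

def parse_subnet_table(text):
    """Strictly parse '{net: [port,...], ...}'; stray text or host bits are errors."""
    if not re.fullmatch(TABLE, text.strip()):
        raise ValueError(f"malformed table {text!r}")
    return {ipaddress.ip_network(net): {parse_port(p) for p in ports.split(",") if p.strip()}
            for net, ports in re.findall(ENTRY, text)}

CONVERTERS = {
    "addr": ipaddress.ip_address,
    "interval": lambda raw: timedelta(seconds=float(raw)),
    "time": lambda raw: datetime.fromtimestamp(float(raw), tz=timezone.utc),
    "set[string]": lambda raw: set(raw.split()),
    "table[subnet] of set[port]": parse_subnet_table,
}

def read_config(text):
    """Convert each '[option name][tab/spaces][value]' line using its declared type."""
    options = {}
    for line in text.splitlines():
        fields = line.strip().split(None, 1)
        if not fields:
            continue
        if len(fields) != 2 or fields[0] not in OPTION_TYPES:
            raise ValueError(f"unknown option or missing value: {line!r}")
        options[fields[0]] = CONVERTERS[OPTION_TYPES[fields[0]]](fields[1])
    return options

# Sample lines taken from the two messages above.
SAMPLE = """testaddr 2607:f8b0:4005:801::200e
testinterval 60
testtime 1507321987
test_set a b c d erdbeerschnitzel
port_whitelist {192.168.0.0/24: [22/tcp,80/tcp], 192.168.1.0/24: [443/tcp]}"""
```

Failing closed on an unknown option name, a malformed entry or a subnet with host bits set matters for a value like a port whitelist, where a silently skipped or misread entry changes what traffic is treated as allowed.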