[Bro] Script Question

Matthias Vallentin vallentin at icir.org
Mon Feb 20 15:18:43 PST 2012

> for (i in hlist )
> {
>  local hdr = hlist[i];
>  Log::write(BrowserHeaders::LOG, ...)
>  ....
> }

This create a log record for each header. Is that what you want? Or would you
like to record HTTP headers for each request/reply in a single line?

> I've tried using both the NOTICE facility and creating my own log to
> at least log to see if any header values are getting processed.  I'm
> not sure if I'm doing it wrong or if http_all_headers doesn't do what
> I think it should when I think it should.

You could inserting bare print statements and then running the script on a
small trace using just the Bro binary, e.g.,

    bro -r your_trace your_script

and observe the output on STDOUT.

> I can attach the script if necessary, but I'm curious how I can get more
> information or even a basic way to verify that one of these events is even
> happening.

That would always help to give you feedback.

> On the upside a broctl check returns ok when I have my script loaded,
> but just because there aren't any errors doesn't mean I did it right.

Right, some bugs (often value initialization) only manifest at runtime and are
not detectable at the time when you do 'broctl check.'


More information about the Bro mailing list