[Bro] bro script q.

anthony kasza anthony.kasza at gmail.com
Fri Oct 7 14:24:35 PDT 2016


In your example you're defining the same function twice within the global
namespace. This might be causing an issue.
Try using the module and export functionality of the scripting language.

-AK

On Oct 7, 2016 3:20 PM, "Dk Jack" <dnj0496 at gmail.com> wrote:

Hi,
Can a function defined in one script be accessed from another script?
Currently, I have the following in two files:

File A:

global myfunc: function(c: connection, msg: string): string

function myfunc(c: connection, msg: string): string
{
   ...
   print fmt("myfunc: called from %s", msg);
   ...
   return mystring;
}

event someEventA(c: connection, ...)
{
    ...
    c$fileA$myfunc_result = myfunc(c, "fileA");
}

File B:
global myfunc: function(c: connection, msg: string): string

even someEventB(c: connection, ...)
{
    ...
    c$fileB$myfunc_result = myfunc(c, "fileB");
    ...
}

This compiles and runs fine when I run against a pcap. The events
'someEventA' and 'someEventB' write to two different log files. In log
fileA, I see all the columns populated include myfunc_result column.
However, in log fileB, I the myfunc_result shows the default string 'NA'.
In the standard out file, I only see 'myfunc: called from fileA' messages.

Since the myfunc function is performing a lookup on a table (loaded from
file on disk), I'd like both the events to be able to see the same info.
What am I doing wrong which is preventing me from accessing myfunc function
from fileB. Thanks.

Dk.

_______________________________________________
Bro mailing list
bro at bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161007/13bcf557/attachment.html 


More information about the Bro mailing list