[Bro] Conceptual question on main.bro files
zeolla at gmail.com
Tue Feb 14 12:12:13 PST 2017
As far as I'm aware, main.bro isn't actually special. It's just a
pseudo-standard (maybe a real standard, even) for a main/primary bro script
for a folder/organizational area. What is special is __load__.bro. If you
use @load to load a directory, it will look there for __local__.bro, and
then follow whatever instructions it finds (@load or @load-sigs, for
instance). You will sometimes find that __load__.bro has a `@load
./main.bro` statement in it. For instance:
So, for instance, if you go to local.bro
you will find `@load tuning/defaults`, then if you go to the tuning/defaults
you find a __load__.bro
which will be followed to load some bro scripts which are /not/ main.bro.
In this situation, main.bro doesn't exist for tuning/defaults, and that's
Another example is, go to local.bro, and find `@load
misc/detect-traceroute` (commented out by default). But if you follow what
would happen if this was uncommented, it would go to misc/detect-traceroute
load __load__.bro due to convention, and then the relative main.bro
loaded because it's specified in __load__.bro.
Hope that helps - also, please correct me if there is an actual main.bro
convention anywhere that I'm not aware of.
On Tue, Feb 14, 2017 at 2:54 PM Espresso Beanies <espressobeanies at gmail.com>
> I'm trying to better understand Bro's architecture and what is the
> significance of the "main.bro" files in relation to the other .bro files?
> I'm guessing some heirarchal purpose, but I don't see a "main.bro" file in
> every folder that contains a .bro file itself. Is someone able to better
> Bro mailing list
> bro at bro-ids.org
Sent from my mobile device
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro