[Bro-Dev] [JIRA] (BIT-1131) Global Variable Containing Trace Filename

AK (JIRA) jira at bro-tracker.atlassian.net
Tue Feb 11 20:05:37 PST 2014


AK created BIT-1131:
-----------------------

             Summary: Global Variable Containing Trace Filename
                 Key: BIT-1131
                 URL: https://bro-tracker.atlassian.net/browse/BIT-1131
             Project: Bro Issue Tracker
          Issue Type: New Feature
          Components: Bro
    Affects Versions: 2.2
         Environment: All. This is a feature for scriptland and is environment independent. It only benefits environments using Bro in post-processing situations.
            Reporter: AK


It would be nice to have a @PKTSOURCE variable similar to the @FILENAME and @DIR variables. Somehow exposing the filename of the pcap being processed is the end goal.

One use case could be dynamically loading scripts with @if statements or altering control flow within scripts depending on the name of the pcap file. Consider if tcpdump is used to record (and rotate) daily packet captures and Bro is used in a post-processing manner. Assuming the packet capture is named according to the day it was recorded on, it would be rather handy for scriptland to behave differently depending on the pcap name. Additionally, it would be handy to be able to include the name of the pcap file in log file names or log records.



--
This message was sent by Atlassian JIRA
(v6.2-OD-09-036#6252)

