[Bro-Dev] [JIRA] (BIT-1131) Global Variable Containing Trace Filename

Robin Sommer (JIRA) jira at bro-tracker.atlassian.net
Wed Feb 12 08:33:38 PST 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15539#comment-15539 ] 

Robin Sommer commented on BIT-1131:
-----------------------------------

What would happen if Bro reads from multiple sources
(interfaces/files)? The easiest way I can think of would be providing
a built-in function that just provides a list of all of them.

Also, we should probably wait with this until we've settled on how to
handle packet sources in the future. There are a number of ideas floating
around, in particular allowing script-land to add/remove sources on
the fly.






> Global Variable Containing Trace Filename
> -----------------------------------------
>
>                 Key: BIT-1131
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1131
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: 2.2
>         Environment: All. This is a feature for scriptland and is environment independent. It only benefits environments using Bro in post processing situations.
>            Reporter: AK
>              Labels: language
>
> It would be nice to have a @PKTSOURCE variable similar to the @FILENAME and @DIR variables. Somehow exposing the filename of the pcap being processed is the end goal.
> One use case could be dynamically loading scripts with @if statements or altering control flow within scripts depending on the name of the pcap file. Consider if tcpdump is used to record (and rotate) daily packet captures and Bro is used in a post processing manner. Assuming the packet capture is named according to the day it was recorded on, it would be rather handy for scriptland to behave differently depending on the pcap name. Additionally, it would be handy to be able to include the name of the pcap file in log file names or log records.



--
This message was sent by Atlassian JIRA
(v6.2-OD-09-036#6252)

