[Bro-Dev] [JIRA] (BIT-1131) Global Variable Containing Trace Filename

Seth Hall (JIRA) jira at bro-tracker.atlassian.net
Wed Feb 12 09:11:37 PST 2014


    [ https://bro-tracker.atlassian.net/browse/BIT-1131?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15540#comment-15540 ] 

Seth Hall commented on BIT-1131:
--------------------------------

Yep, I really think this should wait a bit.  Once a few more things are nailed down we should be able to approach.  

Ultimately I would not like this request implemented as it is because I would like the ability to load pcap files programmatically within scripts and this would be implementing an API that is born deprecated.

> Global Variable Containing Trace Filename
> -----------------------------------------
>
>                 Key: BIT-1131
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1131
>             Project: Bro Issue Tracker
>          Issue Type: New Feature
>          Components: Bro
>    Affects Versions: 2.2
>         Environment: All. This is a feature for scriptland and is environment independent. It only benefits environments using Bro in post processing situations.
>            Reporter: AK
>              Labels: language
>
> It would be nice to have a @PKTSOURCE variable similar to the @FILENAME and @DIR variables. Somehow exposing the filename of the pcap being processed is the end goal.
> One use case could be dynamically loading scripts with @if statements or altering control flow within scripts depending on the name of the pcap file. Consider if tcpdump is used to record (and rotate) daily packet captures and Bro is used in a post processing manner. Assuming the packet capture is named according to the day it was recorded on, it would be rather handy for scriptland to behave differently depending on the pcap name. Additionally, it would be handy to be able to include the name of the pcap file in log file names or log records.



--
This message was sent by Atlassian JIRA
(v6.2-OD-09-036#6252)

