[Bro-Dev] [JIRA] (BIT-1453) Input::add_table is not properly reading in sets

Johanna Amann (JIRA) jira at bro-tracker.atlassian.net
Wed Aug 12 13:53:00 PDT 2015 

    [ https://bro-tracker.atlassian.net/browse/BIT-1453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21603#comment-21603 ] 

Johanna Amann commented on BIT-1453:
------------------------------------

Hello Earl,

I am sorry, but I cannot reproduce your bug. I tried to create a log file and a bro script reading it according to your report and everything seems to work fine (working files uploaded to the bug as input.bro and input.log)

To reproduce this, could you please upload the exact source file that you used to this ticket (or send it to me directly at johanna @ bro.org), in the optimal case including the script file that you are using?

Thank you,
 Johanna

> Input::add_table is not properly reading in sets
> ------------------------------------------------
>
>                 Key: BIT-1453
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1453
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>         Environment: ArchLinux on VMware
>            Reporter: earl eiland
>            Assignee: Johanna Amann
>              Labels: Input::add_table
>         Attachments: input.bro, input.log
>
>
> I’m reading a table into a script.  The table includes two sets in the values fields.  When executing the script, I’m getting the error message ”Did not find requested field service in input data file model2.log”
> Following the example in bro/testing/btest/scripts/base/frameworks/input/setseparator.bro, I’ve redefined the set separator as ‘|’ (redef InputAscii::set_separator = "|";).
> The 
> The table key consists of two addresses, node_A and node_B.
> My value inputs consist of two sets, which can consist of just a single value; all fields are separated by tabs.  The first two lines  of my input file are:
> #fields  node_A                                node_B                                layer_3_4            service
> xxx.yyy.zzz.30   xxx.yyy.255.255                udp        dns
> xxx.yyy.zzz are valid IP address values.
> It appears that the strings ‘udp’ and ‘dns’ are both being read as part of the layer_3_4 set.  Since they are separated by a tab instead of ‘|’, they should be interpreted as separate fields.  



--
This message was sent by Atlassian JIRA
(v6.5-OD-08-001#65007)

More information about the bro-dev mailing list