[Bro-Dev] [JIRA] (BIT-1453) Input::add_table is not properly reading in sets

Daniel Thayer (JIRA) jira at bro-tracker.atlassian.net
Thu Aug 13 07:54:01 PDT 2015 

    [ https://bro-tracker.atlassian.net/browse/BIT-1453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21607#comment-21607 ] 

Daniel Thayer commented on BIT-1453:
------------------------------------

I can reproduce those errors.  The problem is that the file "model2.log.txt"
contains newline characters that do not match those used in Linux (perhaps
you created the file on another OS, and then copied it over to your Linux 
machine?).  If you look at the file using the "vi" editor in Linux, you 
can see "^M" characters at the end of each line.  If you remove those, then
the errors disappear.


> Input::add_table is not properly reading in sets
> ------------------------------------------------
>
>                 Key: BIT-1453
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1453
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>         Environment: ArchLinux on VMware
>            Reporter: earl eiland
>            Assignee: Johanna Amann
>              Labels: Input::add_table
>         Attachments: input.bro, input.log, model2.log.txt
>
>
> I’m reading a table into a script.  The table includes two sets in the values fields.  When executing the script, I’m getting the error message ”Did not find requested field service in input data file model2.log”
> Following the example in bro/testing/btest/scripts/base/frameworks/input/setseparator.bro, I’ve redefined the set separator as ‘|’ (redef InputAscii::set_separator = "|";).
> The 
> The table key consists of two addresses, node_A and node_B.
> My value inputs consist of two sets, which can consist of just a single value; all fields are separated by tabs.  The first two lines  of my input file are:
> #fields  node_A                                node_B                                layer_3_4            service
> xxx.yyy.zzz.30   xxx.yyy.255.255                udp        dns
> xxx.yyy.zzz are valid IP address values.
> It appears that the strings ‘udp’ and ‘dns’ are both being read as part of the layer_3_4 set.  Since they are separated by a tab instead of ‘|’, they should be interpreted as separate fields.  



--
This message was sent by Atlassian JIRA
(v6.5-OD-08-001#65007)

More information about the bro-dev mailing list