[Bro-Dev] [JIRA] (BIT-1453) Input::add_table is not properly reading in sets

earl eiland (JIRA) jira at bro-tracker.atlassian.net
Thu Aug 13 08:03:00 PDT 2015


    [ https://bro-tracker.atlassian.net/browse/BIT-1453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21608#comment-21608 ] 

earl eiland commented on BIT-1453:
----------------------------------

Thanks, Daniel.

I'm using python's csv writer -- in Linux, but clearly, it's adding a newline.  Thanks for the analysis!  When I've figured out the correct csv.writer() parameter, I'll share it with the community.

Earl



> Input::add_table is not properly reading in sets
> ------------------------------------------------
>
>                 Key: BIT-1453
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1453
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>         Environment: ArchLinux on VMware
>            Reporter: earl eiland
>            Assignee: Johanna Amann
>              Labels: Input::add_table
>         Attachments: input.bro, input.log, model2.log.txt
>
>
> I’m reading a table into a script.  The table includes two sets in the values fields.  When executing the script, I’m getting the error message ”Did not find requested field service in input data file model2.log”
> Following the example in bro/testing/btest/scripts/base/frameworks/input/setseparator.bro, I’ve redefined the set separator as ‘|’ (redef InputAscii::set_separator = "|";).
> The 
> The table key consists of two addresses, node_A and node_B.
> My value inputs consist of two sets, which can consist of just a single value; all fields are separated by tabs.  The first two lines  of my input file are:
> #fields  node_A                                node_B                                layer_3_4            service
> xxx.yyy.zzz.30   xxx.yyy.255.255                udp        dns
> xxx.yyy.zzz are valid IP address values.
> It appears that the strings ‘udp’ and ‘dns’ are both being read as part of the layer_3_4 set.  Since they are separated by a tab instead of ‘|’, they should be interpreted as separate fields.  



--
This message was sent by Atlassian JIRA
(v6.5-OD-08-001#65007)



More information about the bro-dev mailing list