[Bro-Dev] [JIRA] (BIT-1475) Exec::Run does not complete

Aaron (JIRA) jira at bro-tracker.atlassian.net
Fri Sep 18 12:37:01 PDT 2015 

    [ https://bro-tracker.atlassian.net/browse/BIT-1475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22110#comment-22110 ] 

Aaron edited comment on BIT-1475 at 9/18/15 2:36 PM:
-----------------------------------------------------

The extra flag appears to help when the script is as short as my example.... But when I try to use my real script, which would take longer than the example, I again do not see any output (I guess the script runtime was longer than the pcap duration).

Edit: Based on your description of the cause, it sounds like shouldn't be a problem if bro is consuming packets live? But it makes it very hard to test scripts in offline/batch mode...


was (Author: ajmills):
The extra flag appears to help when the script is as short as my example.... But when I try to use my real script, which would take longer than the example, I again do not see any output (I guess the script runtime was longer than the pcap duration).

> Exec::Run does not complete
> ---------------------------
>
>                 Key: BIT-1475
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1475
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: git/master, 2.3
>         Environment: Centos 6.6
>            Reporter: Aaron
>              Labels: hang
>             Fix For: 2.5
>
>         Attachments: bro.tar.gz
>
>
> I'm having trouble running an external  program in the callback function for an event when processing a pcap file.  It seems to work in bro_init, however, which confuses me. 
> The working file will print out the output of the "ls" command, whereas the not-working file will not print out anything no matter how long I wait.
> Specifically here I want to use the event when bro detects a file in the pcap.
> working.bro (ran as simply "bro working.bro"):
> {code:java}
> @load base/utils/exec
> redef exit_only_after_terminate=T;
> event bro_init()
> {
>         local t= "ls /";
>         local cmd = Exec::Command($cmd=t);
>         when (local res = Exec::run(cmd))
>         {
>                 print "hello";
>                 print res$stdout;
>         }
> }
> {code}
> notworking.bro (ran as bro -r my.pcap notworking.bro:
> {code:java}
> @load base/utils/exec
> @load base/frameworks/files
> @load base/frameworks/notice
> redef exit_only_after_terminate=T;
> event file_new(f: fa_file)
>     {
>         local t ="ls /";
>         local cmd = Exec::Command($cmd=t);
>         when (local res = Exec::run(cmd))
>         {
>                 print "hello";
>                 print res$stdout;
>         }
>     }
> {code}



--
This message was sent by Atlassian JIRA
(v7.0.0-OD-05-005#70102)

More information about the bro-dev mailing list