[Bro-Dev] input-framework file locations
Seth Hall
seth at corelight.com
Mon Aug 28 18:48:42 PDT 2017
On 25 Aug 2017, at 16:56, Aashish Sharma wrote:
> global smtp_indicator_feed= fmt
> ("%s/feeds/smtp_malicious_indicators.out", at DIR) &redef ;
>
> Problem is: @DIR gives the path of the directory where script is
> residing.
>
> So when I do broctl install - all the scripts go into :
> ../spool/installed-scripts-do-not-touch/
Huh, that's definitely a problem that I can see limiting people. What
you might want to do is reference a particular directory and having
instructions for people that they need to make it writable by the user
running the Bro process (and the directory could be redef-able).
Alternately, it looks like you're only using that to persist state
across executions. Is that right? If you're doing that, then you could
possibly get away with storing in $TMP.
Once Broker is in Bro, you can use Broker data stores to store and
retrieve your data.
.Seth
--
Seth Hall * Corelight, Inc * www.corelight.com
More information about the bro-dev
mailing list