[Bro] Running external command line programs

Chris Crawford christopher.p.crawford at gmail.com
Thu Feb 21 12:16:46 PST 2013


Hey Seth,

Having this type of functionality would be awesome!  It would "unlock" Bro
to the point where we would only be limited by our imaginations with what
we could make Bro do.

I know you mentioned that the current stuff is broken on github, but I gave
it a try anyways (I modified the command in exec-test.bro to the date
command):

$ bro -r test.pcap exec-test.bro
entering the async whatever
yay!
{
[/tmp/bro-exec-4N1gxc3hF32] = [Thu Feb 21 2013]
}
bro: bro-2.1/src/Trigger.cc:227: bool Trigger::Eval(): Assertion `frame->GetCall()' failed.
Aborted

So close, and yet so far.

I'm assuming that this is the bug that you mentioned Bro 2.2 will fix.
When is Bro 2.2 expected to be released?

-Chris


On Tue, Feb 19, 2013 at 10:38 AM, Seth Hall <seth at icir.org> wrote:

>
> On Feb 19, 2013, at 10:11 AM, Seth Hall <seth at icir.org> wrote:
>
> > I thought I should mention that I did some more updates to make this
> > work better and the current commit that is in my github repository is
> > broken.  We're going to be fixing a bug in Bro and likely including this
> > functionality in Bro 2.2.
>
>
> I just got a question asking about getting a working version.  You can
> check out a commit after you clone the repository that does work like this:
>
>         git checkout edf424
>
>   .Seth
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
>