[Bro] Running external command line programs
Chris Crawford
christopher.p.crawford at gmail.com
Thu Feb 21 13:47:53 PST 2013
Hmm...I tried it two ways, with no luck:
$ bro -r test.pcap
/usr/local/bro-2.1/share/bro/policy/frameworks/communication/listen.bro
exec-test.bro
hello
run
run finished
date
{
[/tmp/bro-exec-DdEgoyU0zwf] = [exit_code=0, stdout=<uninitialized>,
stderr=<uninitialized>]
}
and
$ cat exec-test.bro
@load ./exec
@load frameworks/communication/listen
event bro_init()
{
print "hello";
Exec::run("date", function(r: Exec::Result) {
print "test";
if ( ! r?$stdout )
{
print "nothing?!?";
return;
}
for ( i in r$stdout )
{
print r$stdout[i];
print r$stdout;
}
});
}
$ bro -r test.pcap exec-test.bro
hello
run
run finished
date
{
[/tmp/bro-exec-f6eBToBcMd6] = [exit_code=0, stdout=<uninitialized>,
stderr=<uninitialized>]
}
Is there another way to load the listen script?
On Thu, Feb 21, 2013 at 4:41 PM, Seth Hall <seth at icir.org> wrote:
>
> On Feb 21, 2013, at 4:33 PM, Chris Crawford <
> christopher.p.crawford at gmail.com> wrote:
>
> > But, that data never makes it to the output in the bro script.
> >
> > I'm curious why "test" never gets printed.
>
> Bro's shutting down before it gets a chance to. :)
>
> When you run Bro, load the frameworks/communication/listen script. That
> will cause Bro not to shut down right after starting up and will give your
> script a chance to run.
>
> .Seht
>
>
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro-ids.org/
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20130221/6adcc5b9/attachment.html
More information about the Bro
mailing list