[Bro] error inputting a table with sets in '$val'
Earl Eiland
earl.eiland at root9b.com
Mon Aug 10 07:13:03 PDT 2015
Hello.
I’m reading a table into a script. The table includes two sets in the values fields. When executing the script, I’m getting the error message ”Did not find requested field service in input data file model2.log”
Following the example in bro/testing/btest/scripts/base/frameworks/input/setseparator.bro, I’ve redefined the set separator as ‘|’ (redef InputAscii::set_separator = "|";).
The
The table key consists of two addresses, node_A and node_B.
My value inputs consist of two sets, which can consist of just a single value; all fields are separated by tabs. The first two lines of my input file are:
#fields node_A node_B layer_3_4 service
xxx.yyy.zzz.30 xxx.yyy.255.255 udp dns
xxx.yyy.zzz are valid IP address values.
It appears that the strings ‘udp’ and ‘dns’ are both being read as part of the layer_3_4 set. Since they are separated by a tab instead of ‘|’, they should be interpreted as separate fields. How do I correct this read error?
Best Regards,
Earl Eiland,
Sr. Cyber Security Engineer,
Emerging Technologies, root9B,
San Antonio, Texas
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150810/6f49753b/attachment.html
More information about the Bro
mailing list