[Bro] [JIRA] (BIT-1453) Input::add_table is not properly reading in sets

Earl Eiland earl.eiland at root9b.com
Thu Aug 13 08:54:13 PDT 2015

If you're writing Bro input files with Python and using csv, then csv.writer must have the correct parameters.  For example,

    write_model = csv.writer(model_file, delimiter='\x09', lineterminator='\n')

These settings place tabs between the columns and terminate lines with the newline character.


-----Original Message-----
From: Daniel Thayer (JIRA) [mailto:jira at bro-tracker.atlassian.net] 
Sent: Thursday, August 13, 2015 9:54 AM
To: Earl Eiland <earl.eiland at root9b.com>
Subject: [JIRA] (BIT-1453) Input::add_table is not properly reading in sets

    [ https://bro-tracker.atlassian.net/browse/BIT-1453?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=21607#comment-21607 ] 

Daniel Thayer commented on BIT-1453:

I can reproduce those errors.  The problem is that the file "model2.log.txt" contains newline characters that do not match those used in Linux (perhaps you created the file on another OS, and then copied it over to your Linux machine?).  If you look at the file using the "vi" editor in Linux, you can see "^M" characters at the end of each line.  If you remove those, then the errors disappear.

> Input::add_table is not properly reading in sets
> ------------------------------------------------
>                 Key: BIT-1453
>                 URL: https://bro-tracker.atlassian.net/browse/BIT-1453
>             Project: Bro Issue Tracker
>          Issue Type: Problem
>          Components: Bro
>    Affects Versions: 2.4
>         Environment: ArchLinux on VMware
>            Reporter: earl eiland
>            Assignee: Johanna Amann
>              Labels: Input::add_table
>         Attachments: input.bro, input.log, model2.log.txt
> I’m reading a table into a script.  The table includes two sets in the values fields.  When executing the script, I’m getting the error message “Did not find requested field service in input data file model2.log”
> Following the example in bro/testing/btest/scripts/base/frameworks/input/setseparator.bro, I’ve redefined the set separator as ‘|’ (redef InputAscii::set_separator = "|";).
> The table key consists of two addresses, node_A and node_B.
> My value inputs consist of two sets, which can consist of just a single value; all fields are separated by tabs.  The first two lines of my input file are:
> #fields  node_A                                node_B                                layer_3_4            service
> xxx.yyy.zzz.30   xxx.yyy.255.255                udp        dns
> xxx.yyy.zzz are valid IP address values.
> It appears that the strings ‘udp’ and ‘dns’ are both being read as part of the layer_3_4 set.  Since they are separated by a tab instead of ‘|’, they should be interpreted as separate fields.  

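The line-ending problem discussed in this thread, as an added example that is not code from either poster: csv.writer's default line terminator is '\r\n', which produces the "^M" characters described above, so the sketch writes the file with tab delimiters and '\n', and checks or repairs text that already carries carriage returns. The sample rows and the helper names are constructed for illustration; the column names and the '|' set separator come from the report.

```python
import csv
import io

FIELDS = ["node_A", "node_B", "layer_3_4", "service"]  # column names from the report
SET_SEPARATOR = "|"  # matches the redef of InputAscii::set_separator in the report

# Constructed sample rows (documentation-range addresses, not from the thread).
ROWS = [
    ("192.0.2.30", "192.0.2.255", {"udp"}, {"dns"}),
    ("192.0.2.31", "192.0.2.40", {"tcp", "udp"}, {"dns", "http"}),
]


def render_input_file(rows, lineterminator="\n"):
    """Return the text of a tab-separated input file with a #fields header."""
    buf = io.StringIO(newline="")  # newline="" keeps line endings exactly as written
    writer = csv.writer(buf, delimiter="\t", lineterminator=lineterminator)
    writer.writerow(["#fields"] + FIELDS)
    for node_a, node_b, layer_3_4, service in rows:
        writer.writerow([
            node_a,
            node_b,
            SET_SEPARATOR.join(sorted(layer_3_4)),  # set members joined with '|'
            SET_SEPARATOR.join(sorted(service)),
        ])
    return buf.getvalue()


def lines_with_cr(text):
    """Return 1-based numbers of lines ending in a carriage return (vi's ^M)."""
    return [n for n, line in enumerate(text.split("\n"), 1) if line.endswith("\r")]


def strip_cr(text):
    """Convert CRLF line endings to LF, leaving everything else untouched."""
    return text.replace("\r\n", "\n")


if __name__ == "__main__":
    good = render_input_file(ROWS)
    bad = render_input_file(ROWS, lineterminator="\r\n")  # csv.writer's default
    print("LF file, lines with CR:  ", lines_with_cr(good))
    print("CRLF file, lines with CR:", lines_with_cr(bad))
    print("repaired equals LF file: ", strip_cr(bad) == good)
```

When writing to disk, open the file with newline='' (or in binary mode on Python 2) so the platform does not translate '\n' back into '\r\n'.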