[Bro] conditional loading

Dnj dnj0496 at gmail.com
Wed Dec 2 21:16:21 PST 2015 

Thanks Seth. 


> On Dec 1, 2015, at 9:27 PM, Seth Hall <seth at icir.org> wrote:
> 
> You already got the correct advice in this thread, but just to close it out I’ll go into a bit more detail on why it couldn’t work.
> 
> Since “@if” is a parser directive, that code is executed while the code is being parsed but the code within a “when” block is executed asynchronously.  There is higher-order problem that I’ll get to next, but conceptually that @if wouldn’t work anymore since it wouldn’t be executed until later when the when statement’s body executes.
> 
> The high level problem is that it looks like you have a lot of code outside of event handlers.  There isn’t much support for code outside of event handlers in Bro since that means the code would only be executed at parse time which is frequently not a useful time to accomplish things.  If you want to do something at startup you would work in a bro_init event handler (which still wouldn’t work for what you want to do unfortunately).
> 
> I would follow Anthony’s advice and do a condition in a script that just changes behavior based on the result of the command that gets executed.  On the upside, this give you the flexibility to re-run the command later and have behavior change dynamically.
> 
> .Seth
> 
>> On Nov 30, 2015, at 9:43 PM, Dk Jack <dnj0496 at gmail.com> wrote:
>> 
>> the directives don't seem to have file test operators. I tried to do the following...
>> 
>> local c = "test -f filters.bro";
>> local cmd = Exec::Command($cmd=c);
>> 
>> when (local res = Exec::run(cmd))
>> {
>>  @if (res$exit_code == 0)
>>  {
>>    @load filters.bro;
>>  }
>> }
>> 
>> 
>> However, I am getting parsing errors...
>> 
>> ---------------------------------------------------------------
>> referencing a local name in @if (res)
>> invalid expression in @if (res$exit_code == 0)
>> ---------------------------------------------------------------
>> 
>> Dnj
>> 
>> 
>> On Mon, Nov 30, 2015 at 4:41 PM, anthony kasza <anthony.kasza at gmail.com> wrote:
>> See here:
>> https://www.bro.org/sphinx/script-reference/directives.html
>> 
>> -AK
>> 
>> On Nov 30, 2015 4:36 PM, "Dk Jack" <dnj0496 at gmail.com> wrote:
>> Hi,
>> Is it possible to perform conditional loading of bro script files ?
>> In my local.bro file, I'd like to do something like this:
>> 
>> if file 'filters.bro' exists
>> {
>> @load filters.bro
>> }
>> 
>> The file filters.bro may or may not exist because it's getting generated from an external program.
>> Thanks for your help in advance.
>> 
>> Dnj
>> 
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>> 
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> 
> --
> Seth Hall
> International Computer Science Institute
> (Bro) because everyone has a network
> http://www.bro.org/
>

More information about the Bro mailing list