[Bro] Reading data into a table
Earl Eiland
earl.eiland at root9b.com
Tue Sep 29 08:14:39 PDT 2015
Hello, Damian.
I ran into a similar situation. I had defined conversation end nodes in a set and tried to use the set as a table entry identifier – bro does not support this. I got around the problem by generating a table entry for both end node permutations.
Earl Eiland
From: bro-bounces at bro.org [mailto:bro-bounces at bro.org] On Behalf Of Damian Gerow
Sent: Tuesday, September 29, 2015 9:22 AM
To: bro at bro.org
Subject: [Bro] Reading data into a table
We've run into a few problems with our scripts and the use of &persistent, so we're looking to do some home-grown persistence. These scripts are part of a module called ConnectionValidation; the applicable bits of the scripts are at https://gist.github.com/mutemule/6076cddce3ce8c9e7013. It's worth pointing out that the module as a whole is loaded in to all components, but the persistence layer is only loaded in to the proxy.
What I'm seeing is the table being written to disk as expected during bro_done(), but seemingly not being read back in during bro_init(): after startup, the table remains blank in all cluster components.
I'd previously tried this with a set instead of a table, but that didn't work. Then I tried using events to populate the set, but that also didn't work. So now I'm on a table, and following the input framework documentation[0] almost exactly, but it's still not doing what I expected.
What am I doing wrong? How do I read a table in from disk during initialization/startup?
[0] https://www.bro.org/sphinx/frameworks/input.html
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150929/43b9f564/attachment.html
More information about the Bro
mailing list