[Bro] debugging script
Dk Jack
dnj0496 at gmail.com
Thu Aug 4 14:19:06 PDT 2016
Thanks Johanna, Justin,
flush_all helped.
Bhasker.
> On Aug 4, 2016, at 9:56 AM, "Azoff, Justin S" <jazoff at illinois.edu> wrote:
>
>
>> On Aug 4, 2016, at 12:21 PM, Johanna Amann <johanna at icir.org> wrote:
>>
>> Hi,
>>
>>> After changing the file contents, the new data doesn't seem to be making it
>>> into the table. I tried adding print statements into the 'event entry' but
>>> not sure where those prints are going. Where do the output of the print
>>> statements go on a running system (i.e. a cluster)? Is there a way for me
>>> add some debugging info into scripts i.e. printf like debugging? Any
>>> pointers are much appreciated... thanks.
>>
>> When you are running with broctl, I think the print output goes into
>> [install-base]/spool/[nodename]/stdout.log.
>>
>> So, e.g. [base]/spool/worker-1/stdout.log.
>
> One gotcha with this (that has tripped me up an embarrassing number of times and as most recently as yesterday) is that those files are buffered.
>
> If you only print a few lines, nothing will be written to stdout.log until bro stops. To fix that, you can just do
>
> print("whatever");
> flush_all();
>
>
> Or if you are doing a lot of testing, have this in place:
>
> event flush() {
> flush_all();
> schedule 5sec { flush() };
> }
>
> event bro_init() {
> schedule 5sec { flush() };
> }
>
> I vaguely remember there is a way to just set all files to be non-buffered.. though hard flushing every few seconds probably is better for performance.
>
> --
> - Justin Azoff
>
More information about the Bro
mailing list