[Bro] debugging script

Dk Jack dnj0496 at gmail.com
Thu Aug 4 14:19:06 PDT 2016


Thanks Johanna, Justin,
flush_all helped. 

Bhasker. 

> On Aug 4, 2016, at 9:56 AM, "Azoff, Justin S" <jazoff at illinois.edu> wrote:
> 
> 
>> On Aug 4, 2016, at 12:21 PM, Johanna Amann <johanna at icir.org> wrote:
>> 
>> Hi,
>> 
>>> After changing the file contents, the new data doesn't seem to be making it
>>> into the table. I tried adding print statements into the 'event entry' but
>>> not sure where those prints are going. Where do the output of the print
>>> statements go on a running system (i.e. a cluster)? Is there a way for me
>>> add some debugging info into scripts i.e. printf like debugging? Any
>>> pointers are much appreciated... thanks.
>> 
>> When you are running with broctl, I think the print output goes into
>> [install-base]/spool/[nodename]/stdout.log.
>> 
>> So, e.g. [base]/spool/worker-1/stdout.log.
> 
> One gotcha with this (that has tripped me up an embarrassing number of times and as most recently as yesterday) is that those files are buffered.
> 
> If you only print a few lines, nothing will be written to stdout.log until bro stops.  To fix that, you can just do
> 
>    print("whatever");
>    flush_all();
> 
> 
> Or if you are doing a lot of testing, have this in place:
> 
> event flush() {
>    flush_all();
>    schedule 5sec { flush() };
> }
> 
> event bro_init() {
>    schedule 5sec { flush() };
> }
> 
> I vaguely remember there is a way to just set all files to be non-buffered.. though hard flushing every few seconds probably is better for performance.
> 
> -- 
> - Justin Azoff
> 



More information about the Bro mailing list