[Bro] trying to read space separate file to bro
김희철
hckim at narusec.com
Mon Jan 18 23:48:46 PST 2016
Hi
I am trying to read file which has space separate
I add redef separator = " " ; but it's gave me some errors
error: ./aaa.txt/Input::READER_ASCII: Did not find requested field sip in
input data file ./aaa.txt.
error: ./aaa.txt/Input::READER_ASCII: Init: cannot open ./aaa.txt; headers
are incorrect
error: ./aaa.txt/Input::READER_ASCII: Init failed
if aaa.txt is tsv file and with out redef separator, it works fine
Is there a way to read a file which is not tsv
here is my sample aaa.txt and bro script
aaa.txt
#fields sip sport dip dport
192.168.1.116 61711 172.16.100.132 22
bro script
export {
type Val: record {
sip: addr;
sport: port;
dip: addr;
dport: port;
};
redef Input::separator = " ";
}
event TEST(description: Input::EventDescription, tpe: Input::Event, sip:
addr, sport: port, dip: addr, dport: port){
print fmt("%s %d %s %d",sip,sport,dip,dport);
}
event bro_init()
{
print fmt("test");
Input::add_event([$source="./aaa.txt", $name="test", $fields=Val, $ev=TEST
,$want_record=F]);
}
--
------------------------------------------------------
Hichul Kim 김희철 선임 연구원
Naru Security (주)나루씨큐리티
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160119/d15ade34/attachment.html
More information about the Bro
mailing list