[Bro] trying to read space separate file to bro

Daniel Thayer dnthayer at illinois.edu
Tue Jan 19 08:53:20 PST 2016


In your script, you need to change one line to use this:

redef InputAscii::separator = " ";



On 01/19/2016 01:48 AM, 김희철 wrote:
> Hi
> I am trying to read file which has space separate
>
> I add redef separator = " " ; but it's gave me some errors
>
> error: ./aaa.txt/Input::READER_ASCII: Did not find requested field sip
> in input data file ./aaa.txt.
>
> error: ./aaa.txt/Input::READER_ASCII: Init: cannot open ./aaa.txt;
> headers are incorrect
>
> error: ./aaa.txt/Input::READER_ASCII: Init failed
>
>
> if aaa.txt is tsv file and with out redef separator, it works fine
>
> Is there a way to read a file which is not tsv
>
>
> here is my sample aaa.txt and bro script
>
> aaa.txt
>
> #fields sip sport dip dport
>
> 192.168.1.116 61711 172.16.100.132 22
>
>
>
> bro script
>
> export {
>
>     type Val: record {
>
>         sip: addr;
>
>         sport: port;
>
>         dip: addr;
>
>         dport: port;
>
>     };
>
>     redef Input::separator = " ";
>
> }
>
>
> event TEST(description: Input::EventDescription, tpe: Input::Event, sip:
> addr, sport: port, dip: addr, dport: port){
>
>     print fmt("%s %d %s %d",sip,sport,dip,dport);
>
> }
>
>
> event bro_init()
>
> {
>
>     print fmt("test");
>
>     Input::add_event([$source="./aaa.txt", $name="test", $fields=Val,
>     $ev=TEST ,$want_record=F]);
>
> }
>
>
> --
> ------------------------------------------------------
> Hichul Kim 김희철 선임 연구원
>
> Naru Security  (주)나루씨큐리티
>
>
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>


More information about the Bro mailing list