[Bro] trying to read space separate file to bro
Daniel Thayer
dnthayer at illinois.edu
Tue Jan 19 08:53:20 PST 2016
In your script, you need to change one line to use this:
redef InputAscii::separator = " ";
On 01/19/2016 01:48 AM, 김희철 wrote:
> Hi
> I am trying to read a file which is space separated
>
> I added redef separator = " " ; but it gave me some errors
>
> error: ./aaa.txt/Input::READER_ASCII: Did not find requested field sip
> in input data file ./aaa.txt.
>
> error: ./aaa.txt/Input::READER_ASCII: Init: cannot open ./aaa.txt;
> headers are incorrect
>
> error: ./aaa.txt/Input::READER_ASCII: Init failed
>
>
> If aaa.txt is a TSV file and without the redef separator, it works fine
>
> Is there a way to read a file which is not TSV?
>
>
> Here is my sample aaa.txt and bro script
>
> aaa.txt
>
> #fields sip sport dip dport
>
> 192.168.1.116 61711 172.16.100.132 22
>
>
>
> bro script
>
> export {
>     type Val: record {
>         sip: addr;
>         sport: port;
>         dip: addr;
>         dport: port;
>     };
>
>     redef Input::separator = " ";
> }
>
> event TEST(description: Input::EventDescription, tpe: Input::Event, sip:
> addr, sport: port, dip: addr, dport: port){
>     print fmt("%s %d %s %d",sip,sport,dip,dport);
> }
>
> event bro_init()
> {
>     print fmt("test");
>     Input::add_event([$source="./aaa.txt", $name="test", $fields=Val,
>     $ev=TEST ,$want_record=F]);
> }
>
>
> --
> ------------------------------------------------------
> Hichul Kim 김희철 선임 연구원
>
> Naru Security (주)나루씨큐리티
>
>
>
>
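An added example, not part of the original thread and not Bro's own code: a Python pre-flight check that shows why the reader reports `Did not find requested field sip` when the separator in effect does not match the file. The header handling is a simplified model and an assumption about the reader's behaviour; `SAMPLE`, `WANTED`, `header_fields` and `check` are names made up here.

```python
"""Pre-flight check for a Bro Input-framework ASCII file."""

# Constructed sample mirroring aaa.txt from the thread (space separated).
SAMPLE = "#fields sip sport dip dport\n192.168.1.116 61711 172.16.100.132 22\n"
WANTED = ["sip", "sport", "dip", "dport"]  # field names of the Val record


def header_fields(text, sep):
    """Return the column names a reader using `sep` would take from `text`.

    Simplified model (assumption): '#' lines are comments, except a
    '#fields' line whose 8th character is the separator. If no such line
    is found, the first non-comment line is treated as the header.
    """
    for line in text.splitlines():
        if not line:
            continue
        if line.startswith("#"):
            if line.startswith("#fields") and line[7:8] == sep:
                return line[8:].split(sep)
            continue  # comment, or a #fields line written with another separator
        return line.split(sep)
    return []


def check(text, sep, wanted):
    """Return (missing_fields, bad_rows) for the given separator."""
    cols = header_fields(text, sep)
    missing = [f for f in wanted if f not in cols]
    bad_rows = []
    if not missing:
        # A doubled separator yields an empty extra column, so flag rows
        # whose column count differs from the header.
        for n, line in enumerate(text.splitlines(), 1):
            if line and not line.startswith("#") and len(line.split(sep)) != len(cols):
                bad_rows.append(n)
    return missing, bad_rows


if __name__ == "__main__":
    for sep in ("\t", " "):
        missing, bad = check(SAMPLE, sep, WANTED)
        print(repr(sep), "missing:", missing, "bad rows:", bad)
```

With a tab as the separator the sample reports all four fields missing; with a space it reports none.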