[Bro] Question About Namespaces

Johanna Amann johanna at icir.org
Mon Jun 6 12:35:04 PDT 2016


Hi Arash,

Yup, you actually can specify the separator per by passing it
as a configuration option (named separator).

You could, e.g. do something like this:

local config_strings: table[string] of string = {
		 ["separator"] = ";",
	};
Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val, $destination=servers, $config=config_strings]);

I hope this helps,
 Johanna


On Fri, Jun 03, 2016 at 04:43:56PM -0400, Arash Fallah wrote:
> Thanks Johanna,
> 
> Unfortunately, that would break functionality in a myriad of other
> scripts.  Is there a more elegant solution to this problem than redefining
> the separator after the end of the Input::end_of_data event is triggered?
> Since input is performed through an asynchronous call, it is not guaranteed
> that the change to the separator would be reverted before another file is
> read by Bro.
> 
> On Fri, Jun 3, 2016 at 1:56 PM, Johanna Amann <johanna at icir.org> wrote:
> 
> > Hi Arash,
> >
> > it will always be changed for all scripts.
> >
> > As for redef enum - it actually is also necessary for record types (you
> > will find a lot of "redef record" in Bro scripts. However, it would
> > probably be possible to get rid of those as the parser should, in theory,
> > be able to determine the type by itself. I did not write that code, but I
> > think it is just a Bro syntax quirk that might also make writing parsing a
> > bit easier.
> >
> > Johanna
> >
> >
> > On 3 Jun 2016, at 10:20, Arash Fallah wrote:
> >
> > If I put the following code inside the export section, would I be changing
> >> the separator for all subsequently loaded scripts as well?
> >>
> >> ex.
> >>
> >> export{
> >>
> >> redef InputAscii::separator = ",";
> >>
> >> }
> >>
> >>
> >> Whereas if I put it outside the export block, would it only be changed for
> >> my script and not apply to another?
> >>
> >> export{
> >>
> >> #foo here
> >>
> >> }
> >>
> >> redef InputAscii::separator = ",";
> >>
> >> Additionally, when you are redefining variables, why is it that redef enum
> >> is necessary when redefining an enumerable type whereas no other variable
> >> requires the type to be explicitly stated for the redefinition (i.e.
> >> strings as above).
> >> _______________________________________________
> >> Bro mailing list
> >> bro at bro-ids.org
> >> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> >>
> >


More information about the Bro mailing list