[Bro] Question About Namespaces

Arash Fallah af7 at umbc.edu
Tue Jun 7 08:56:48 PDT 2016


Thank you very much.

I'm still going over the documentation as I'm very much new to Bro
scripting. Once again, thanks for your help.

On Mon, Jun 6, 2016 at 3:35 PM, Johanna Amann <johanna at icir.org> wrote:

> Hi Arash,
>
> Yup, you actually can specify the separator per by passing it
> as a configuration option (named separator).
>
> You could, e.g. do something like this:
>
> local config_strings: table[string] of string = {
>         ["separator"] = ";",
> };
> Input::add_table([$source="../input.log", $name="ssh", $idx=Idx, $val=Val,
>                   $destination=servers, $config=config_strings]);
>
> I hope this helps,
>  Johanna
>
>
> On Fri, Jun 03, 2016 at 04:43:56PM -0400, Arash Fallah wrote:
> > Thanks Johanna,
> >
> > Unfortunately, that would break functionality in a myriad of other
> > scripts.  Is there a more elegant solution to this problem than redefining
> > the separator after the end of the Input::end_of_data event is triggered?
> > Since input is performed through an asynchronous call, it is not guaranteed
> > that the change to the separator would be reverted before another file is
> > read by Bro.
> >
> > On Fri, Jun 3, 2016 at 1:56 PM, Johanna Amann <johanna at icir.org> wrote:
> >
> > > Hi Arash,
> > >
> > > it will always be changed for all scripts.
> > >
> > > As for redef enum - it actually is also necessary for record types (you
> > > will find a lot of "redef record" in Bro scripts). However, it would
> > > probably be possible to get rid of those as the parser should, in theory,
> > > be able to determine the type by itself. I did not write that code, but I
> > > think it is just a Bro syntax quirk that might also make writing parsing a
> > > bit easier.
> > >
> > > Johanna
> > >
> > >
> > > On 3 Jun 2016, at 10:20, Arash Fallah wrote:
> > >
> > >> If I put the following code inside the export section, would I be changing
> > >> the separator for all subsequently loaded scripts as well?
> > >>
> > >> ex.
> > >>
> > >> export{
> > >>
> > >> redef InputAscii::separator = ",";
> > >>
> > >> }
> > >>
> > >>
> > >> Whereas if I put it outside the export block, would it only be changed for
> > >> my script and not apply to another?
> > >>
> > >> export{
> > >>
> > >> #foo here
> > >>
> > >> }
> > >>
> > >> redef InputAscii::separator = ",";
> > >>
> > >> Additionally, when you are redefining variables, why is it that redef enum
> > >> is necessary when redefining an enumerable type whereas no other variable
> > >> requires the type to be explicitly stated for the redefinition (i.e.
> > >> strings as above).
> > >
>
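
The per-stream option discussed in this thread, written out as a complete script. This is an added example, not code from either poster or from the Bro distribution; the file names, the Idx/Val record fields and the two table names are assumptions. It shows one stream read with ";" while a second stream, and every other script, keeps the global InputAscii::separator.

```bro
# Added example: record layouts and file names are assumptions.
type Idx: record {
	ip: addr;
};

type Val: record {
	hostname: string;
};

global servers: table[addr] of Val = table();
global clients: table[addr] of Val = table();

event bro_init()
	{
	# Reader options for one stream only; nothing global is redefined,
	# so there is no window in which another reader sees the wrong separator.
	local config_strings: table[string] of string = {
		["separator"] = ";"
	};

	# This stream is parsed with ";" as the field separator.
	Input::add_table([$source="servers.log", $name="servers",
	                  $idx=Idx, $val=Val, $destination=servers,
	                  $config=config_strings]);

	# No $config here: this stream uses the global InputAscii::separator.
	Input::add_table([$source="clients.log", $name="clients",
	                  $idx=Idx, $val=Val, $destination=clients]);
	}

# Fires once per stream when its file has been read completely.
event Input::end_of_data(name: string, source: string)
	{
	if ( name == "servers" )
		print fmt("%s (%s): %d entries", name, source, |servers|);
	else if ( name == "clients" )
		print fmt("%s (%s): %d entries", name, source, |clients|);
	}
```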