[Bro] Access pcap filename in script land
Valerio
valerio.click at gmx.com
Tue Mar 15 12:47:35 PDT 2016
Hi Anthony,
Thanks for your answer.
Let me just generalize my requirement: Is it possible when I start bro
to pass external arguments to a bro script?
I think this feature would be useful in case you want to add some
external info (not strictly present in the pcap or flow that bro i
analyzing) into .log files produced by a bro script.
thanks,
Valerio
On 15/03/2016 01:23, anthony kasza wrote:
> Nope.
>
> -AK
> On Mar 14, 2016 2:51 PM, "Valerio" <valerio.click at gmx.com> wrote:
>
>> Hi all,
>>
>> in case bro is executed offline on a pcap with:
>>
>> bro -r file1.pcap script.bro
>>
>> is there a directive I can insert into script.bro to access the pcap
>> filename?
>>
>> many thanks in advance,
>> Valerio
>>
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>
>
More information about the Bro
mailing list