[Bro] Access pcap filename in script land

Vlad Grigorescu vladg at illinois.edu
Sun Mar 27 06:32:16 PDT 2016 

Try:

> bro -r pcap_file_name.pcap -e 'arg1="test"'

>     -e|--exec <bro code>           | augment loaded policies by given code

  --Vlad

Valerio <valerio.click at gmx.com> writes:

> Hi,
>
> I am trying to adapt the suggested methodology to the following
> scenario: I have a custom main.bro script in
> scripts/base/protocols/proto1/main.bro to which I would like to pass
> arguments from command line each and every time I run bro with the
> following command
>
> bro -r pcap_file_name.pcap
>
>
> I set const arg1 =""&redef into main.bro but if I run
>
> bro -r pcap_file_name.pcap 'arg1=\"test\"' I get the following error
>
>
> error in <params>, line 1: unrecognized character - \
> error in <params>, line 1: unrecognized character - "
> error in <params>, line 1: unknown identifier test, at or near "test"
>
> many thanks in advance,
> Valerio
>
> On 16/03/2016 17:10, Valerio wrote:
>> Thanks a lot!!!
>> 
>> Valerio
>> 
>>> Il giorno 16 mar 2016, alle ore 16:28, Robin Sommer <robin at icir.org> ha scritto:
>>>
>>>
>>>
>>>> On Tue, Mar 15, 2016 at 20:47 +0100, Valerio wrote:
>>>>
>>>> Is it possible when I start bro to pass external arguments to a bro
>>>> script?
>>>
>>> Yes, you can override script variables, like this:
>>>
>>>    # cat args.bro
>>>
>>>    const pcap_file = "" &redef;
>>>
>>>    event bro_init()
>>>        {
>>>        print(pcap_file);
>>>        }
>>>
>>>    # bro ./args.bro 'pcap_file=\"Foo\"'
>>>    "Foo"
>>>
>>>
>>> Robin
>>>
>>> -- 
>>> Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
>> 
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>> 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 800 bytes
Desc: not available
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20160327/f65829ee/attachment.bin

More information about the Bro mailing list