[Bro] Access pcap filename in script land

Valerio valerio.click at gmx.com
Sun Mar 27 07:06:26 PDT 2016


Thanks!! Now it works running the following command:

bro -r pcap_file_name.pcap -e 'redef Prot1::arg1="test"'

AND

including 'const arg1 = "" &redef;' within the export block of main.bro
where module Prot1 was defined.

best regards,
Valerio

On 27/03/2016 15:32, Vlad Grigorescu wrote:
> Try:
> 
>> bro -r pcap_file_name.pcap -e 'arg1="test"'
> 
>>     -e|--exec <bro code>           | augment loaded policies by given code
> 
>   --Vlad
> 
> Valerio <valerio.click at gmx.com> writes:
> 
>> Hi,
>>
>> I am trying to adapt the suggested methodology to the following
>> scenario: I have a custom main.bro script in
>> scripts/base/protocols/proto1/main.bro to which I would like to pass
>> arguments from command line each and every time I run bro with the
>> following command
>>
>> bro -r pcap_file_name.pcap
>>
>>
>> I set const arg1 =""&redef into main.bro but if I run
>>
>> bro -r pcap_file_name.pcap 'arg1=\"test\"' I get the following error
>>
>>
>> error in <params>, line 1: unrecognized character - \
>> error in <params>, line 1: unrecognized character - "
>> error in <params>, line 1: unknown identifier test, at or near "test"
>>
>> many thanks in advance,
>> Valerio
>>
>> On 16/03/2016 17:10, Valerio wrote:
>>> Thanks a lot!!!
>>>
>>> Valerio
>>>
>>>> On 16 Mar 2016, at 16:28, Robin Sommer <robin at icir.org> wrote:
>>>>
>>>>
>>>>
>>>>> On Tue, Mar 15, 2016 at 20:47 +0100, Valerio wrote:
>>>>>
>>>>> Is it possible when I start bro to pass external arguments to a bro
>>>>> script?
>>>>
>>>> Yes, you can override script variables, like this:
>>>>
>>>>    # cat args.bro
>>>>
>>>>    const pcap_file = "" &redef;
>>>>
>>>>    event bro_init()
>>>>        {
>>>>        print(pcap_file);
>>>>        }
>>>>
>>>>    # bro ./args.bro 'pcap_file=\"Foo\"'
>>>>    "Foo"
>>>>
>>>>
>>>> Robin
>>>>
>>>> -- 
>>>> Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
>>>
>>> _______________________________________________
>>> Bro mailing list
>>> bro at bro-ids.org
>>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>>>

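The errors in this thread came from shell quoting of the value. As an added example (not part of any message above and not Bro project code), this shell helper builds the `-e` code for an arbitrary value such as a pcap file name, escaping it so it cannot end the string literal early. `bro_redef` and `run_pcap` are hypothetical names, `Prot1::arg1` is the option from the thread, and the escaping assumes Bro string literals accept `\\` and `\"`.

```shell
#!/bin/sh
# Added example: build the code passed to `bro -e` from an untrusted value.

# bro_redef NAME VALUE  ->  prints: redef NAME="VALUE";
# NAME must look like a (module-qualified) identifier. VALUE is escaped so
# that quotes or backslashes in it stay inside the string literal.
bro_redef() {
    name=$1
    value=$2
    case $name in
        ''|*[!A-Za-z0-9_:]*|[0-9]*)
            echo "bro_redef: bad identifier: $name" >&2
            return 1 ;;
    esac
    # Escape backslashes first, then double quotes.
    # Assumption: Bro string literals accept the \\ and \" escapes.
    escaped=$(printf '%s' "$value" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')
    printf 'redef %s="%s";' "$name" "$escaped"
}

# run_pcap FILE: replay FILE and expose its name to scripts as Prot1::arg1.
# Requires 'const arg1 = "" &redef;' in the export block of module Prot1.
run_pcap() {
    code=$(bro_redef Prot1::arg1 "$1") || return 1
    bro -r "$1" -e "$code"
}
```

Passing the generated code as one double-quoted shell word (`-e "$code"`) avoids the nested-quote problem that produced the `unrecognized character` errors.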
