[Bro] Access pcap filename in script land
Azoff, Justin S
jazoff at illinois.edu
Mon Mar 28 09:29:42 PDT 2016
> On Mar 28, 2016, at 12:20 PM, Valerio <valerio.click at gmx.com> wrote:
>
> Hi,
>
> thanks for your feedback. However I think I am missing something.
> In fact, if I run:
>
> bro -r pcap_file_name.pcap arg1=test
>
> I get the following error
>
> error in <params>, line 1: unknown identifier test, at or near "test"
>
> Please notice that, as I described in my previous mail:
>
> "I have a custom main.bro script in
> scripts/base/protocols/proto1/main.bro to which I would like to pass
> arguments from command line"
>
> in the main.bro I defined arg1 as const arg1=""&redef within the
> export{} block and having define module Prot1;
>
> Even if I run
>
> bro -r pcap_file_name.pcap Prot1::arg1=test
>
> I get the following error
> error in <params>, line 1: unknown identifier test, at or near "test"
>
> the same with:
> bro -r 28122015-whatsapp_iphone_traffic.pcap 'Wa::arg1=test'
>
> best regards,
> Valerio
The different methods do work:
$ cat t.bro
module Foo;
export {
const arg1 ="x" &redef ;
}
event bro_init() {
print arg1;
}
$ bro t.bro
x
$ bro t.bro Foo::arg1=test
test
$ bro t.bro 'Foo::arg1=test two'
test two
$ bro t.bro -e 'redef Foo::arg1="test three"'
test three
Are you actually loading your proto1 script anywhere? local scripts really belong under share/bro/site, not under the base/ directory.
You likely want to move your proto1 directory to share/bro/site and add
@load ./proto1
to share/bro/site/local.bro
--
- Justin Azoff
More information about the Bro
mailing list