[Bro] Access pcap filename in script land

[Valerio]

Thanks!!

by moving the script from base to share/bro/site it works!!

best,
Valerio

On 28/03/2016 18:29, Azoff, Justin S wrote:
> 
>> On Mar 28, 2016, at 12:20 PM, Valerio <valerio.click at gmx.com> wrote:
>>
>> Hi,
>>
>> thanks for your feedback. However I think I am missing something.
>> In fact, if I run:
>>
>> bro -r pcap_file_name.pcap arg1=test
>>
>> I get the following error
>>
>> error in <params>, line 1: unknown identifier test, at or near "test"
>>
>> Please notice that, as I described in my previous mail:
>>
>> "I have a custom main.bro script in
>> scripts/base/protocols/proto1/main.bro to which I would like to pass
>> arguments from command line"
>>
>> in the main.bro I defined arg1 as const arg1=""&redef within the
>> export{} block and having define module Prot1;
>>
>> Even if I run
>>
>> bro -r pcap_file_name.pcap Prot1::arg1=test
>>
>> I get the following error
>> error in <params>, line 1: unknown identifier test, at or near "test"
>>
>> the same with:
>> bro -r 28122015-whatsapp_iphone_traffic.pcap 'Wa::arg1=test'
>>
>> best regards,
>> Valerio
> 
> The different methods do work:
> 
> $ cat t.bro
> module Foo;
> export {
>     const arg1 ="x" &redef ;
> }
> 
> event bro_init() {
>     print arg1;
> }
> $ bro t.bro
> x
> $ bro t.bro Foo::arg1=test
> test
> $ bro t.bro 'Foo::arg1=test two'
> test two
> $ bro t.bro -e 'redef Foo::arg1="test three"'
> test three
> 
> Are you actually loading your proto1 script anywhere?  local scripts really belong under share/bro/site, not under the base/ directory.
> 
> You likely want to move your proto1 directory to share/bro/site and add
> 
> @load ./proto1
> 
> to share/bro/site/local.bro
>