[Bro] bro script q.
Dk Jack
dnj0496 at gmail.com
Fri Oct 7 14:00:05 PDT 2016
Hi,
Can a function defined in one script be accessed from another script?
Currently, I have the following in two files:
File A:
global myfunc: function(c: connection, msg: string): string
function myfunc(c: connection, msg: string): string
{
...
print fmt("myfunc: called from %s", msg);
...
return mystring;
}
event someEventA(c: connection, ...)
{
...
c$fileA$myfunc_result = myfunc(c, "fileA");
}
File B:
global myfunc: function(c: connection, msg: string): string
even someEventB(c: connection, ...)
{
...
c$fileB$myfunc_result = myfunc(c, "fileB");
...
}
This compiles and runs fine when I run against a pcap. The events
'someEventA' and 'someEventB' write to two different log files. In log
fileA, I see all the columns populated include myfunc_result column.
However, in log fileB, I the myfunc_result shows the default string 'NA'.
In the standard out file, I only see 'myfunc: called from fileA' messages.
Since the myfunc function is performing a lookup on a table (loaded from
file on disk), I'd like both the events to be able to see the same info.
What am I doing wrong which is preventing me from accessing myfunc function
from fileB. Thanks.
Dk.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161007/9c6c51bf/attachment.html
More information about the Bro
mailing list