[Bro] bro script q.

Dk Jack dnj0496 at gmail.com
Fri Oct 7 15:30:04 PDT 2016 

Could you direct me to an example on how to do that? I've only seen export
being used with export info records... thanks.

On Fri, Oct 7, 2016 at 2:24 PM, anthony kasza <anthony.kasza at gmail.com>
wrote:

> In your example you're defining the same function twice within the global
> namespace. This might be causing an issue.
> Try using the module and export functionality of the scripting language.
>
> -AK
>
> On Oct 7, 2016 3:20 PM, "Dk Jack" <dnj0496 at gmail.com> wrote:
>
> Hi,
> Can a function defined in one script be accessed from another script?
> Currently, I have the following in two files:
>
> File A:
>
> global myfunc: function(c: connection, msg: string): string
>
> function myfunc(c: connection, msg: string): string
> {
>    ...
>    print fmt("myfunc: called from %s", msg);
>    ...
>    return mystring;
> }
>
> event someEventA(c: connection, ...)
> {
>     ...
>     c$fileA$myfunc_result = myfunc(c, "fileA");
> }
>
> File B:
> global myfunc: function(c: connection, msg: string): string
>
> even someEventB(c: connection, ...)
> {
>     ...
>     c$fileB$myfunc_result = myfunc(c, "fileB");
>     ...
> }
>
> This compiles and runs fine when I run against a pcap. The events
> 'someEventA' and 'someEventB' write to two different log files. In log
> fileA, I see all the columns populated include myfunc_result column.
> However, in log fileB, I the myfunc_result shows the default string 'NA'.
> In the standard out file, I only see 'myfunc: called from fileA' messages.
>
> Since the myfunc function is performing a lookup on a table (loaded from
> file on disk), I'd like both the events to be able to see the same info.
> What am I doing wrong which is preventing me from accessing myfunc function
> from fileB. Thanks.
>
> Dk.
>
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161007/ccde0add/attachment.html

More information about the Bro mailing list