[Bro] bro syntax checking

David Hoelzer dhoelzer at enclaveforensics.com
Wed Oct 26 06:27:27 PDT 2016

Why not just load the edited scripts against a small pcap?  That’s what I’ve learned to do on my end before doing a deploy. :)

On Oct 26, 2016, at 9:22 AM, Zeolla at GMail.com <mailto:Zeolla at GMail.com> <zeolla at gmail.com <mailto:zeolla at gmail.com> > wrote:

So I've been looking for a cleaner way to check bro syntax via a pre-commit hook - we currently have bro installed on a server where we commit from that does a `broctl check`.  I was thinking of doing something small like a docker instance that can run `broctl check` using a mounted host directory.  My questions are:

1. Has anybody else already solved this issue?  What are others using to validate syntax before pushing out changes?  
2. Is this the official bro docker image?  I pulled it down and was playing around a bit but ran into an issue but I wasn't sure if this was expected.  Specifically, /bro/bin/broctl wasn't functional until I installed python, but after running `apt-get update && apt-get install -y python && /bin/bro/broctl install` things seemed to be functional.  

I did briefly try to peruse the mailing list archive for the past few months but didn't find what I was looking for.  Thanks,



Bro mailing list

bro at bro-ids.org <mailto:bro at bro-ids.org> 

http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro <http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro> 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161026/aab39cc9/attachment.html 

More information about the Bro mailing list