[Bro] bro syntax checking
David Hoelzer
dhoelzer at enclaveforensics.com
Wed Oct 26 06:27:27 PDT 2016
Why not just load the edited scripts against a small pcap? That’s what I’ve learned to do on my end before doing a deploy. :)
On Oct 26, 2016, at 9:22 AM, Zeolla at GMail.com <mailto:Zeolla at GMail.com> <zeolla at gmail.com <mailto:zeolla at gmail.com> > wrote:
So I've been looking for a cleaner way to check bro syntax via a pre-commit hook - we currently have bro installed on a server where we commit from that does a `broctl check`. I was thinking of doing something small like a docker instance that can run `broctl check` using a mounted host directory. My questions are:
1. Has anybody else already solved this issue? What are others using to validate syntax before pushing out changes?
2. Is this the official bro docker image? I pulled it down and was playing around a bit but ran into an issue but I wasn't sure if this was expected. Specifically, /bro/bin/broctl wasn't functional until I installed python, but after running `apt-get update && apt-get install -y python && /bin/bro/broctl install` things seemed to be functional.
I did briefly try to peruse the mailing list archive for the past few months but didn't find what I was looking for. Thanks,
Jon
--
Jon
_______________________________________________
Bro mailing list
bro at bro-ids.org <mailto:bro at bro-ids.org>
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro <http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161026/aab39cc9/attachment.html
More information about the Bro
mailing list