[Bro] bro scripts global vars

Aashish Sharma asharma at lbl.gov
Thu Jun 22 13:14:20 PDT 2017 

So I use (or misuse) a few different techniques to see whats in globals and tables etc. 

1) reporter.log 

use: event reporter_info(network_time(), msg, peer_description); 

and msg contains whatever output/result/values I'd like. 

this way, I can look at debugging within a cluster

I actually use a wrapper:

function  log_reporter(msg: string, debug: count)
{

	if (debug <= 5) 
	{
                @if ( ! Cluster::is_enabled())
                        print fmt("%s", msg);
                @endif

		event reporter_info(network_time(), msg, peer_description);
	}
}

and call it as within the functions. 

	log_reporter(fmt("EVENT: value of variable is %s", my_global_var),1);


2) in some-cases I'd schedule a print_stats event and dump information periodically using (1) above

3) using broctl print  


	you can also try:

	broctl print <module>::<variable_name> 

	eg. broctl print Site::local_nets 


	however if your tables are > N this may take a long time to work or may not work. I have been unable to understand why but some timeouts happen. There is a broctl.cfg setting which can increase the timeouts but that's also best effort - may or may not work.

But for all practical purposes broctl print <module>::<variable> works 


Hope this helps, 
Aashish 

On Thu, Jun 22, 2017 at 12:27:56PM -0700, Johanna Amann wrote:
> Stdout is a bit special. Especially if you are running in a cluster
> environment, it is probably easier to just create a new log-file and write
> your data to it.
> 
> Apart from that, you should find the stdout.log for your worker nodes in
> spool/worker-[x]/stdout.log.
> 
> Johanna
> 
> On Wed, Jun 14, 2017 at 11:51:25AM +0200, Ernest Farias wrote:
> > Thanks Johanna!
> > But now it arise another question it works fine when test on cmd line
> > but using broctl and I supposed it would go to my
> >  /log/current/stdout.log (?) , but it only contains this, I don't know
> > what I'm doing wrong
> > 
> > "max memory size         (kbytes, -m) unlimited
> > data seg size           (kbytes, -d) unlimited
> > virtual memory          (kbytes, -v) unlimited
> > core file size          (blocks, -c) unlimited"
> > 
> > Thanks
> > 
> > Ernest
> > 
> > 
> > On Tue, 2017-06-13 at 10:12 -0700, Johanna Amann wrote:
> > > Hi,
> > > 
> > > > 
> > > > What's the best way to know the value of globas vars on my loaded
> > > > bro
> > > > scripts?
> > > The easiest way probably is to just check their values in a bro_init
> > > event. Unless there is a reason that you can't do that?
> > > 
> > > Johanna
> > 
> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro

More information about the Bro mailing list