[Zeek] Input framework

Nabil Memon nabilmemon.ec at gmail.com
Fri May 22 03:16:37 PDT 2020


Hi Zeek,

Hope you're all doing well.

I am using the Input framework to provide some dynamic input to bro.
Here's what the infra looks like:

cat /usr/local/bro/share/bro/base/protocols/file_port_list
#fields port_num
60000/tcp
8080/tcp
49154/tcp
55907/tcp
49152/tcp
49153/tcp
8000/tcp
5357/tcp


type Portsx: record {
   port_num: port;
};

global file_port_list: set[port] = set();

redef Communication::nodes += {
     ["python"] = [$host = 127.0.0.1, $events = /config_update/, $connect=F, $ssl=F]
};

event bro_init()
{
   Input::add_table([$source=file_port_list_loc, $name="file_port_list", $idx=Portsx, $destination=file_port_list]);
}

event bro_done()
{
   Input::remove("file_port_list");
}


event config_update()
{
   Input::force_update("file_port_list");
}

It works really well. But when I terminate the bro process, it goes into a
defunct state and throws an error on the console.

Error: received signal while waiting for thread /usr/local/bro/share/bro/base/protocols/file_port_list/Input::READER_ASCII, aborting all ...

Am I doing anything wrong?

Thanks a lot for looking..!!


Regards,
Nabil
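
For the file_port_list file shown in the message above, the following is an added example (not part of the original post and not Zeek project code): a Python helper that validates the port entries and rewrites the file atomically, so the ASCII reader never picks up a half-written list when Input::force_update runs. The function names are hypothetical, and the tab-separated "#fields" header assumes the ASCII reader's default separator.

```python
import os
import re
import tempfile

# Entries as they appear in the post: "<number>/<proto>", e.g. "8080/tcp".
PORT_RE = re.compile(r"^(\d{1,5})/(tcp|udp|icmp)$")

# The file contents copied from the post (header plus eight entries).
SAMPLE = """#fields port_num
60000/tcp\n8080/tcp\n49154/tcp\n55907/tcp
49152/tcp\n49153/tcp\n8000/tcp\n5357/tcp
"""

def parse_port_list(text):
    """Validate the header and every entry; return sorted (port, proto) pairs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0].split() != ["#fields", "port_num"]:
        raise ValueError("missing '#fields port_num' header")
    ports = set()
    for lineno, entry in enumerate(lines[1:], start=2):
        m = PORT_RE.match(entry)
        if not m or int(m.group(1)) > 65535:
            raise ValueError(f"entry {lineno}: bad port {entry!r}")
        ports.add((int(m.group(1)), m.group(2)))
    return sorted(ports)

def render_port_list(ports):
    """Serialise with a tab between '#fields' and the column name."""
    return "#fields\tport_num\n" + "".join(f"{n}/{p}\n" for n, p in ports)

def write_port_list(path, ports):
    """Write to a temp file in the same directory, then rename over the target."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".file_port_list.")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(render_port_list(ports))
            fh.flush()
            os.fsync(fh.fileno())
        os.replace(tmp, path)  # atomic on the same filesystem
    finally:
        if os.path.exists(tmp):  # only true if the rename did not happen
            os.unlink(tmp)

if __name__ == "__main__":
    print(parse_port_list(SAMPLE))
```

Running the validation before the rename means a malformed entry is rejected in the updater and the previous, known-good list stays in place for the next forced update.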