On 25 Aug 2017, at 16:56, Aashish Sharma wrote:
> global smtp_indicator_feed = fmt("%s/feeds/smtp_malicious_indicators.out", @DIR) &redef;
>
> Problem is: @DIR gives the path of the directory where script is residing.
>
> So when I do broctl install - all the scripts go into:
> ../spool/installed-scripts-do-not-touch/

Huh, that's definitely a problem that I can see limiting people. What
you might want to do is reference a particular directory and have
instructions for people that they need to make it writable by the user
running the Bro process (and the directory could be redef-able).

Alternately, it looks like you're only using that to persist state
across executions. Is that right? If you're doing that, then you could
possibly get away with storing in $TMP.

Once Broker is in Bro, you can use Broker data stores to store and
retrieve your data.

.Seth
--
Seth Hall * Corelight, Inc *
www.corelight.com