Hey Seth,
Having this type of functionality would be awesome! It would "unlock" Bro
to the point where we would only be limited by our imaginations with what
we could make Bro do.
I know you mentioned that the current stuff is broken on GitHub, but I gave
it a try anyways (I modified the command in exec-test.bro to the date
command):
$ bro -r test.pcap exec-test.bro
entering the async whatever
yay!
{
[/tmp/bro-exec-4N1gxc3hF32] = [Thu Feb 21 2013]
}
bro: bro-2.1/src/Trigger.cc:227: bool Trigger::Eval(): Assertion `frame->GetCall()' failed.
Aborted
So close, and yet so far.
I'm assuming that this is the bug that you mentioned Bro 2.2 will fix.
When is Bro 2.2 expected to be released?
-Chris
On Tue, Feb 19, 2013 at 10:38 AM, Seth Hall <seth(a)icir.org> wrote:
On Feb 19, 2013, at 10:11 AM, Seth Hall <seth(a)icir.org> wrote:
I thought I should mention that I did some more updates to make this
work better and the current commit that is in my GitHub repository is
broken. We're going to be fixing a bug in Bro and likely including this
functionality in Bro 2.2.
I just got a question asking about getting a working version. You can
check out a commit after you clone the repository that does work like this:
git checkout edf424
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
_______________________________________________
Bro mailing list
bro(a)bro-ids.org
http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro