21 Feb
2013
21 Feb
'13
1:47 p.m.
Hmm...I tried it two ways, with no luck:
$ bro -r test.pcap
/usr/local/bro-2.1/share/bro/policy/frameworks/communication/listen.bro
exec-test.bro
hello
run
run finished
date
{
[/tmp/bro-exec-DdEgoyU0zwf] = [exit_code=0, stdout=<uninitialized>,
stderr=<uninitialized>]
}
and
$ cat exec-test.bro
@load ./exec
@load frameworks/communication/listen
event bro_init()
{
print "hello";
Exec::run("date", function(r: Exec::Result) {
print "test";
if ( ! r?$stdout )
{
print "nothing?!?";
return;
}
for ( i in r$stdout )
{
print r$stdout[i];
print r$stdout;
}
});
}
$ bro -r test.pcap exec-test.bro
hello
run
run finished
date
{
[/tmp/bro-exec-f6eBToBcMd6] = [exit_code=0, stdout=<uninitialized>,
stderr=<uninitialized>]
}
Is there another way to load the listen script?
On Thu, Feb 21, 2013 at 4:41 PM, Seth Hall <seth(a)icir.org> wrote:
On Feb 21, 2013, at 4:33 PM, Chris Crawford <
christopher.p.crawford(a)gmail.com> wrote:
But, that data never makes it to the output in
the bro script.
I'm curious why "test" never gets printed.
Bro's shutting down before it gets a chance to. :)
When you run Bro, load the frameworks/communication/listen script. That
will cause Bro not to shut down right after starting up and will give your
script a chance to run.
.Seht
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/