Hmm...I tried it two ways, with no luck:

$ bro -r test.pcap /usr/local/bro-2.1/share/bro/policy/frameworks/communication/listen.bro exec-test.bro
hello
run
run finished
date
{
[/tmp/bro-exec-DdEgoyU0zwf] = [exit_code=0, stdout=<uninitialized>, stderr=<uninitialized>]
}

and

$ cat exec-test.bro
@load ./exec
@load frameworks/communication/listen

event bro_init()
        {
        print "hello";
        Exec::run("date", function(r: Exec::Result) {
                print "test";
                if ( ! r?$stdout )
                        {
                        print "nothing?!?";
                        return;
                        }

                for ( i in r$stdout )
                        {
                        print r$stdout[i];
                        print r$stdout;
                        }
                });
        }

$ bro -r test.pcap exec-test.bro
hello
run
run finished
date
{
[/tmp/bro-exec-f6eBToBcMd6] = [exit_code=0, stdout=<uninitialized>, stderr=<uninitialized>]
}

Is there another way to load the listen script?

On Thu, Feb 21, 2013 at 4:41 PM, Seth Hall <seth@icir.org> wrote:

On Feb 21, 2013, at 4:33 PM, Chris Crawford <christopher.p.crawford@gmail.com> wrote:

> But, that data never makes it to the output in the bro script.
>
> I'm curious why "test" never gets printed.

Bro's shutting down before it gets a chance to. :)

When you run Bro, load the frameworks/communication/listen script. That will cause Bro not to shut down right after starting up and will give your script a chance to run.

.Seht

--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/