I have attached the files:

config.txt: the file to be read
config.bro: the file that reads in info from config.txt (please change <config_filename> to reflect the path where config.txt is located on your machine)
test.bro: the file that makes use of the config info in Config::table_config. (I didn't test this one).

Try applying different functions to_* in bro.bif to the values in Config::table_config and see what happens. For me, it generated an error.

Thanks.

On Tue, Oct 2, 2012 at 1:42 AM, Bro Tracker <[email protected]> wrote:

> #884: Scripting inconsistency in the input framework
> ---------------------------+------------------------
>   Reporter:  sheharbano.k  |      Owner:  amannb
>       Type:  Problem       |     Status:  accepted
>   Priority:  Normal        |  Milestone:  Bro2.2
>  Component:  Bro           |    Version:  git/master
> Resolution:                |   Keywords:
> ---------------------------+------------------------
>
> Comment (by amannb):
>
> Sorry, I was not entirely able to reproduce this problem.
>
> If a table is read using the input framework and you use your type (IdxIp)
> as the index type, the resulting table is of type
>
> {{{
> global tb_ip: table[addr] of count;
> }}}
>
> and not of type
>
> {{{
> global tb_ip: table[IdxIp] of count;
> }}}
>
> The index record is just there to give the input framework the information
> about the names of the fields that are present in the input file -- the
> bro table that is constructed will use an IndexType that contains
> everything that was contained in the record in the same order.
>
> Thus if you have a record like
>
> {{{
> type testrecord: record {
>     a: addr;
>     b: count;
>     c: string;
> }
> }}}
>
> the resulting table will be of type
>
> {{{
> table test [addr, count, string] of count;
> }}}
>
> and not of type
>
> {{{
> table test[testrecord] of count;
> }}}
>
> However you should not even have been able to load the data into a table
> with the wrong type -- the input framework should refuse loading data in a
> table with nonmatching index types. And this seemed to work in my tests.
>
> So could you perhaps send me the exact scripts that you are using (or
> attach them here)? Perhaps something else is going on that I am not
> thinking of at the moment.
>
> --
> Ticket URL: <http://tracker.bro-ids.org/bro/ticket/884#comment:2>
> Bro Tracker <http://tracker.bro-ids.org/bro>
> Bro Issue Tracker
>

--
Sheharbano Khattak
http://etheryell.com

#separator \x09
#set_separator	,
#empty_field	(empty)
#unset_field	-
#path	reporter
#fields	parameter	value
#types	string	string
local_net	1.1.1.1/32
th_addr_scan	35
weight_addr_scan	0.8
th_addr_scan_critical	20
weight_addr_scan_critical	1.0
th_port_scan	15
weight_port_scan	0.25
th_low_port_troll	10
weight_low_port_troll	0.5
wnd_addr_scan	5mins
wnd_port_scan	5mins
scan_evaluation_mode	OR
th_ssh_login	10
weight_breakin	1.0
wnd_breakin	10mins
wnd_exploit	10mins
weight_exploit_blacklist_match	0.5
exploit_evaluation_mode	OR
evaluation_breakin_mode	OR
th_disguised_exe	1
weight_disguised_exe	0.8
weight_egg_signature_match	1.0
wnd_egg	10mins
evaluation_mode	OR
th_dns_failure	25
weight_dns_failure	0.8
evaluation_mode	OR
wnd_cnc	5mins
weight_cnc_blacklist_match	1.0
weight_cnc_blacklist_dns_match	0.5
weight_cnc_signature_match	0.8
weight_rbn_blacklist_match	0.5
th_sqli_attempt	10
wnd_sqli	5mins
weight_sqli	0.5
sqli_evaluation_mode	OR
th_mx_queries	5
th_smtp	25
weight_spam_failed_mx	1.0
weight_spam_failed_smtp	0.8
wnd_spam	5mins
spam_evaluation_mode	OR
wnd_correlation	12hrs
wnd_bot	1day
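
Added example, not part of the original message and not the attached config.bro or test.bro: a Bro script that loads the config.txt shown above into a table whose index type follows the rule described in the quoted tracker comment. The record names Idx and Val, the stream name "config", and the relative path to config.txt are assumptions.

```bro
# Added example (not the attached config.bro). Assumes config.txt is in the
# working directory; Idx, Val and the stream name "config" are illustrative.
module Config;

export {
	# Index record: names the column(s) that form the table index.
	type Idx: record {
		parameter: string;
	};

	# Value record: names the remaining column(s).
	type Val: record {
		value: string;
	};

	# The destination is indexed by the field types of Idx, in order
	# (here a single string), not by the Idx record type itself.
	global table_config: table[string] of Val = table();
}

event bro_init()
	{
	Input::add_table([$source="config.txt", $name="config",
	                  $idx=Idx, $val=Val, $destination=table_config]);
	}

# Raised once the whole file has been read. Input::end_of_data is the event
# name in Bro 2.2 and later; Bro 2.1 called it Input::update_finished.
event Input::end_of_data(name: string, source: string)
	{
	if ( name != "config" )
		return;

	# The file declares "#types string string", so every value arrives as
	# a string and is converted per parameter with the to_* BiFs.
	if ( "th_addr_scan" in table_config )
		print to_count(table_config["th_addr_scan"]$value);
	if ( "weight_addr_scan" in table_config )
		print to_double(table_config["weight_addr_scan"]$value);
	if ( "local_net" in table_config )
		print to_subnet(table_config["local_net"]$value);
	}
```
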
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
