[
https://bro-tracker.atlassian.net/browse/BIT-1475?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=22101#comment-22101
]
Aaron edited comment on BIT-1475 at 9/14/15 4:49 PM:
-----------------------------------------------------
Hi Johanna, you are right, I double checked my own example and it does
work--apparently I had simplified it too much so that the behavior isn't
observable anymore. The actual setup is a lot more specific. I'm actually
invoking a python script.
I've tried to narrow down where in the python things get locked up, but I could
find no discernible pattern, in fact after I threw out enough code it went from
"never prints the output" to "sometimes prints it and sometimes does not". I'm
sending my bro script and the python code-- I apologize for not being able to
find an absolute minimal example.
[^bro.tar.gz]
With this code, if you run "bro t1.bro" I would expect you to see my python
output (the name of a file passed to it from bro). If you run "bro -r my.pcap
t1.bro" I would expect you to never see any output related to the script.
Included is the same pcap I'm using but I don't think the file itself has
anything to do with the problem because, in this example, I'm not even looking
at it, I'm just putting everything in bro_init.
Is there some kind of timeout where if the process takes too long bro just
forgets about it? The code is really not doing anything; perhaps all those
nested python imports is taking too much time.
Bro is version 2.3.1.
Edit: sorry again, you will have to adjust the path to the python script
mentioned in t1.bro as it is the full path. Just change the path to the dir in
which you extract everything (it wants to run "check-macros.py" which must be
in the same dir as all its libraries).
was (Author: ajmills):
Hi Johanna, you are right, I double checked my own example and it does
work--apparently I had simplified it too much so that the behavior isn't
observable anymore. The actual setup is a lot more specific. I'm actually
invoking a python script.
I've tried to narrow down where in the python things get locked up, but I could
find no discernible pattern, in fact after I threw out enough code it went from
"never prints the output" to "sometimes prints it and sometimes does not". I'm
sending my bro script and the python code-- I apologize for not being able to
find an absolute minimal example.
[^bro.tar.gz]
With this code, if you run "bro t1.bro" I would expect you to see my python
output (the name of a file passed to it from bro). If you run "bro -r my.pcap
t1.bro" I would expect you to never see any output related to the script.
Included is the same pcap I'm using but I don't think the file itself has
anything to do with the problem because, in this example, I'm not even looking
at it, I'm just putting everything in bro_init.
Is there some kind of timeout where if the process takes too long bro just
forgets about it? The code is really not doing anything; perhaps all those
nested python imports is taking too much time.
Bro is version 2.3.1.
> Exec::Run does not complete
> ---------------------------
>
> Key: BIT-1475
> URL: https://bro-tracker.atlassian.net/browse/BIT-1475
> Project: Bro Issue Tracker
> Issue Type: Problem
> Components: Bro
> Affects Versions: 2.3
> Environment: Centos 6.6
> Reporter: Aaron
> Labels: hang
> Attachments: bro.tar.gz
>
>
> I'm having trouble running an external program in the callback function for
> an event when processing a pcap file. It seems to work in bro_init, however,
> which confuses me.
> The working file will print out the output of the "ls" command, whereas the
> not-working file will not print out anything no matter how long I wait.
> Specifically here I want to use the event when bro detects a file in the pcap.
> working.bro (ran as simply "bro working.bro"):
> {code:java}
> @load base/utils/exec
> redef exit_only_after_terminate=T;
> event bro_init()
> {
> local t= "ls /";
> local cmd = Exec::Command($cmd=t);
> when (local res = Exec::run(cmd))
> {
> print "hello";
> print res$stdout;
> }
> }
> {code}
> notworking.bro (ran as bro -r my.pcap notworking.bro:
> {code:java}
> @load base/utils/exec
> @load base/frameworks/files
> @load base/frameworks/notice
> redef exit_only_after_terminate=T;
> event file_new(f: fa_file)
> {
> local t ="ls /";
> local cmd = Exec::Command($cmd=t);
> when (local res = Exec::run(cmd))
> {
> print "hello";
> print res$stdout;
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v7.0.0-OD-05-005#70102)
_______________________________________________
bro-dev mailing list
[email protected]
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev
