> On Nov 29, 2017, at 5:02 PM, Johanna Amann <[email protected]> wrote:
> 
> The config reader provides a way to read configuration files back into
> Bro. Most importantly it automatically converts values to the correct
> types. This is important because it is at least inconvenient (and
> sometimes near impossible) to perform the necessary type conversions in
> Bro scripts themselves. This is especially true for sets/vectors.
> 
> Configuration generally looks like this:
> 
> [option name][tab/spaces][new variable value]
> 
> so, for example:
> 
> testaddr 2607:f8b0:4005:801::200e
> testinterval 60
> testtime 1507321987
> test_set a    b       c       d       erdbeerschnitzel
> 
> The reader uses the option name to look up the type that variable has in
> the Bro core and automatically converts the value to the correct type.

What are the limits of this automatic conversion?

There are currently a few use cases that are difficult to do using the input
framework when they involve loading things into a nested data structure... like a

    table[subnet] of set[port]

It can be done, but requires using the input events and doing bookkeeping yourself.

Bro can serialize stuff to json, but I don't think we have the inverse
implemented anywhere.

Could be nice to be able to lay out values using something like

    port_whitelist {192.168.0.0/24: [22/tcp,80/tcp], 192.168.1.0/24: [443/tcp]}

Maybe this is more of a job for broker?  I know broker can easily serialize and
transfer such a data structure over the network, is there a plain text
serialization implementation too?


— 
Justin Azoff
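
An added example, not part of the original message and not Bro code: a Python sketch of reading the `port_whitelist` layout proposed above into the equivalent of a `table[subnet] of set[port]`, rejecting malformed subnets and ports instead of loading them into a whitelist. The function names and the exact grammar (braces, `subnet: [port/proto, ...]` entries) are assumptions taken only from the one-line sketch in the message.

```python
import ipaddress
import re

# Constructed sample line in the layout sketched in the message above.
SAMPLE = "port_whitelist {192.168.0.0/24: [22/tcp,80/tcp], 192.168.1.0/24: [443/tcp]}"

_LINE = re.compile(r"^(\S+)\s+\{(.*)\}\s*$")
# The key runs up to the ':' that directly precedes '[', so IPv6 subnets work.
_ENTRY = re.compile(r"\s*(\S+?)\s*:\s*\[([^\]]*)\]\s*(?:,|$)")
_PORT = re.compile(r"^(\d{1,5})/(tcp|udp|icmp)$")


def parse_port(text):
    """Convert '22/tcp' to (22, 'tcp'); raise on anything else."""
    m = _PORT.match(text.strip())
    if not m or int(m.group(1)) > 65535:
        raise ValueError(f"bad port value {text!r}")
    return int(m.group(1)), m.group(2)


def parse_nested_option(line):
    """Return (option_name, {ip_network: {(port, proto), ...}})."""
    m = _LINE.match(line.strip())
    if not m:
        raise ValueError("expected: name {subnet: [port/proto, ...], ...}")
    name, body = m.group(1), m.group(2).strip()
    table, pos = {}, 0
    while pos < len(body):
        entry = _ENTRY.match(body, pos)
        if not entry:
            raise ValueError(f"malformed entry at offset {pos}: {body[pos:]!r}")
        # strict=True rejects host bits (192.168.0.1/24): a typo in a
        # whitelist should fail the load, not silently widen the match.
        subnet = ipaddress.ip_network(entry.group(1), strict=True)
        if subnet in table:
            raise ValueError(f"duplicate subnet {subnet}")
        ports = [p for p in entry.group(2).split(",") if p.strip()]
        table[subnet] = {parse_port(p) for p in ports}
        pos = entry.end()
    return name, table


if __name__ == "__main__":
    option, value = parse_nested_option(SAMPLE)
    for net, ports in sorted(value.items(), key=lambda kv: str(kv[0])):
        print(option, net, sorted(ports))
```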

