Is there a way to
specify that the const value is empty where it is declared?
Yes, but in that case you have to specify a type for the variable,
too, since Bro can't infer it. So, for example:
const ftp_servers: set[addr];
With the 0.7 release, there will be significantly smoother support
for defining things like the above and overriding them. For example,
you'll be able to do:
const ftp_servers: set[addr] &redef; # &redef = it's okay to redefine
...
const ftp_servers += { webfarm.myorg.org, webfarm2.myorg.org };
...
const ftp_servers += { departmental.ftp.myorg.org };
...
# Don't consider webfarm.myorg.org an FTP server for our particular
# local policy.
const ftp_servers -= { webfarm.myorg.org };
and at the end of this ftp_servers is initialized to { webfarm2.myorg.org,
departmental.ftp.myorg.org }.
One more thing. I was unable to subscribe to this mailing list via
bro-subscribe@lbl.gov. lbl.gov responds with a "use unknown" reply. If
anyone knows why this is, I would appreciate the information.
The mailing list is now run by majordomo. To get on it, send a message to
majordomo@listserv.lbl.gov with the *body* "subscribe bro". If you found
stale information somewhere that said to try bro-subscribe@llb.gov, please
let me know.
Vern