bro scripts global vars

Ernest_Farias · June 13, 2017, 7:57am

Hi all

What's the best way to know the value of globas vars on my loaded bro
scripts?

I need to know if some vars redefs are in fact in place.

Thanks, Regards

Ernest

johanna · June 13, 2017, 5:12pm

Hi,

What's the best way to know the value of globas vars on my loaded bro
scripts?

The easiest way probably is to just check their values in a bro_init
event. Unless there is a reason that you can't do that?

Johanna

Ernest_Farias · June 14, 2017, 9:51am

Thanks Johanna!
But now it arise another question it works fine when test on cmd line
but using broctl and I supposed it would go to my
/log/current/stdout.log (?) , but it only contains this, I don't know
what I'm doing wrong

"max memory size (kbytes, -m) unlimited
data seg size (kbytes, -d) unlimited
virtual memory (kbytes, -v) unlimited
core file size (blocks, -c) unlimited"

Thanks

Ernest

johanna · June 22, 2017, 7:27pm

Stdout is a bit special. Especially if you are running in a cluster
environment, it is probably easier to just create a new log-file and write
your data to it.

Apart from that, you should find the stdout.log for your worker nodes in
spool/worker-[x]/stdout.log.

Johanna

Aashish_Sharma1 · June 22, 2017, 8:14pm

So I use (or misuse) a few different techniques to see whats in globals and tables etc.

1) reporter.log

use: event reporter_info(network_time(), msg, peer_description);

and msg contains whatever output/result/values I'd like.

this way, I can look at debugging within a cluster

I actually use a wrapper:

function log_reporter(msg: string, debug: count)
{

  if (debug <= 5)
  {
                @if ( ! Cluster::is_enabled())
                        print fmt("%s", msg);
                @endif

event reporter_info(network_time(), msg, peer_description);
}
}

and call it as within the functions.

log_reporter(fmt("EVENT: value of variable is %s", my_global_var),1);

2) in some-cases I'd schedule a print_stats event and dump information periodically using (1) above

3) using broctl print

you can also try:

broctl print <module>::<variable_name>

eg. broctl print Site::local_nets

however if your tables are > N this may take a long time to work or may not work. I have been unable to understand why but some timeouts happen. There is a broctl.cfg setting which can increase the timeouts but that's also best effort - may or may not work.

But for all practical purposes broctl print <module>::<variable> works

Hope this helps,
Aashish

Azoff_Justin_S · June 22, 2017, 8:41pm

This is one thing that is multiple orders of magnitude better on the broker branch.

With the broker branch, broctl print against tables with hundreds of thousands of items in them finishes in a second or two.

Topic		Replies	Views
debugging script Zeek	4	180	May 6, 2022
stdout.log does not work? Zeek	3	145	May 6, 2022
bro variable. Zeek	1	87	May 6, 2022
Questions about bro module declarations Zeek	4	84	May 6, 2022
- large double are not printed/written correctly Zeek	4	71	May 6, 2022

bro scripts global vars

Related topics