Greetings all,
Fairly new to Bro and feel a bit silly that I can’t figure this out, but I’m working on a Bro script that hooks into the notice framework to call an external script when a Notice is fired. I’m wanting to pass all (well, most) of the variables in the Notice object to my script, but I’m having trouble. I think that what is happening is some notices do not have all the variables defined and if I try to use one of those variables, my script block skips execution.
So, what I thought I would do was instead of using n$dst for example, I would do something like:
local dst = (n$dst == NULL ? “” : n$dst);
I tried various forms using if blocks and regular assignment instead of the ternary operator but the end result is the same, nothing seems to happen.
Is there a way to check for null/undefined variables that I’m just missing, or do I need to rethink they way I’m doing this entirely?
Bro version 2.3
CentOS 6.5 w/ kernel 2.6.32-431.23.3.el6.x86_64
My code: http://pastebin.com/KR5vkdXM