Hi,
Is it possible to perform conditional loading of bro script files ?
In my local.bro file, I’d like to do something like this:
if file ‘filters.bro’ exists
{
@load filters.bro
}
The file filters.bro may or may not exist because it’s getting generated from an external program.
Thanks for your help in advance.
Dnj
the directives don’t seem to have file test operators. I tried to do the following…
local c = “test -f filters.bro”;
local cmd = Exec::Command($cmd=c);
when (local res = Exec::run(cmd))
{
@if (res$exit_code == 0)
{
@load filters.bro;
}
}
However, I am getting parsing errors…
I have no clue if it would work but… You could try to make a global variable in the script you’re testing for (something like global is_loaded: bool) then check if it is defined with @ifdef. If so, the script was loaded.
-AK
Innelegant but I just have the same process that creates populated files create empty ones for bro to @load in environments where they aren’t applicable and e.g. a puppet template would be overkill.
Grant
Thanks Athiny, Grant,
I’ll try your suggestions.
You already got the correct advice in this thread, but just to close it out I’ll go into a bit more detail on why it couldn’t work.
Since “@if” is a parser directive, that code is executed while the code is being parsed but the code within a “when” block is executed asynchronously. There is higher-order problem that I’ll get to next, but conceptually that @if wouldn’t work anymore since it wouldn’t be executed until later when the when statement’s body executes.
The high level problem is that it looks like you have a lot of code outside of event handlers. There isn’t much support for code outside of event handlers in Bro since that means the code would only be executed at parse time which is frequently not a useful time to accomplish things. If you want to do something at startup you would work in a bro_init event handler (which still wouldn’t work for what you want to do unfortunately).
I would follow Anthony’s advice and do a condition in a script that just changes behavior based on the result of the command that gets executed. On the upside, this give you the flexibility to re-run the command later and have behavior change dynamically.
.Seth
Thanks Seth.