-3

I have searched high and low for an answer to this, but I have been stuck for 2 days. I am attempting to read data into BRO IDS from a file using:

Input::add_table([$source=sinkhole_list_location, $name="sinkhole", $idx=Idx, $val=Val, $destination=sinkhole_list2, $mode=Input::REREAD]);

The file is formatted as stated by Bro documentation:

fields ip ipname
10.10.20.20 hi
8.8.8.8 hey
192.168.1.1 yo

Yet whenever I run this, or any of the other scripts out there on my Bro IDS I always get HEADERS ARE INCORRECT. What format should the file be in??????

error: sinkhole_ip.dat/Input::READER_ASCII: Did not find requested field ip in input data file sinkhole_ip.dat.
1481713377.164791 error: sinkhole_ip.dat/Input::READER_ASCII: Init: cannot open sinkhole_ip.dat; headers are incorrect

Jools

1 Answer

0

I can answer my own question here, it's in the use of tab separated files which BRO uses by default. Every single field must be tabbed.

Then you can output the table contents as a test within... Input::end_of_data event() as once this event has been received all data from the input file is available in the table.

Jools
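The tab requirement from the answer above, as an added example that is not part of the original post: a small Python pre-flight check that lints a file before handing it to Input::add_table. It assumes the ASCII reader's default settings (a `#fields` header line and a tab separator) and only approximates the reader's own checks; the function name and both sample files are constructed for illustration.

```python
# Added example: lint an input file for Bro's ASCII reader before loading it.
# Assumption: default reader settings ("#fields" header line, tab separator).

def check_bro_input(text, wanted_fields, sep="\t"):
    """Return a list of problems the ASCII reader would trip over in `text`."""
    lines = text.splitlines()
    header = next((l for l in lines if l.startswith("#fields")), None)
    if header is None:
        return ["no '#fields' header line found"]

    problems = []
    columns = header.split(sep)[1:]  # drop the '#fields' token itself
    if " " in header:
        problems.append("header contains spaces; the reader splits on tabs only")
    for field in wanted_fields:
        if field not in columns:
            problems.append("did not find requested field %r in header" % field)

    for number, line in enumerate(lines, 1):
        if not line.strip() or line.startswith("#"):
            continue  # skip blank lines and header/comment lines
        cells = line.split(sep)
        if len(cells) != len(columns):
            problems.append("line %d: %d column(s), header declares %d"
                            % (number, len(cells), len(columns)))
    return problems

# Constructed samples: the same three rows, once with spaces and once with tabs.
SPACED = "#fields ip ipname\n10.10.20.20 hi\n8.8.8.8 hey\n192.168.1.1 yo\n"
TABBED = "#fields\tip\tipname\n10.10.20.20\thi\n8.8.8.8\they\n192.168.1.1\tyo\n"

if __name__ == "__main__":
    for label, sample in (("spaces", SPACED), ("tabs", TABBED)):
        result = check_bro_input(sample, ["ip", "ipname"])
        print(label, result if result else "OK")
```

Many editors silently convert tabs to spaces on save, so running a check like this on the file as written to disk catches the problem before the script loads it.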