load 语句,缺省路径 :
<prefix>/share/bro
<prefix>/share/bro/policy
<prefix>/share/bro/site
在bro version 2.6.3 版本中,缺省路径为 <prefix>/share/bro/policy
[root@clusternode zeekbro-code]# cat load-test.bro
@load protocols/ssl/weak-keys.bro
[root@clusternode zeekbro-code]# bro -r test.pcap load-test.bro
当load后为相对路径为目录时,则导入该路径下__load__.bro,比如 <prefix>/share/bro/base/frameworks/notice下__load__.bro,其内容如下
@load ./main
@load ./weird
# There should be no overhead imposed by loading notice actions so we
# load them all.
@load ./actions/drop
@load ./actions/email_admin
@load ./actions/page
@load ./actions/add-geodata
# Load here so that it can check whether clustering is enabled.
@load ./actions/pp-alarms
将递归执行
