[Bro] LDAP Analyzer

det2702 det2702 at mac.com
Tue Oct 5 05:32:00 PDT 2004


Thanks.  Scott Campbell sent some great pointers as well.  I'll keep 
the group posted on my progress.

Regards,

Randy



On Oct 5, 2004, at 4:24 AM, Vern Paxson wrote:

> An LDAP analyzer would be great to have.
>
>> Obviously, I'm new to BRO.  I looked through the documentation and was
>> not able to find anything on extending BRO's collection of analyzers.
>
> Unfortunately, there isn't documentation for this yet.  The way to go
> about it, though, is to identify an analyzer Bro already supports for
> a protocol that's similar to the one you want to do, and use the
> corresponding classes (in say HTTP.{h,cc} or DNS.{h,cc}, for example)
> as templates.
>
>> I'm especially interested in how to define event_handlers for custom
>> policy scripts that leverage the LDAP analyzer.
>
> See the file event.bif, which serves as the glue between the C++ of the
> event engine and the .bro policy script files.
>
> 		Vern