[Bro] Accessing bro variables in c

Mike Muratet mike.muratet at torchtechnologies.com
Thu Jun 16 10:11:17 PDT 2005


I've run up against another glitch in my efforts to get data out of bro. I 
am receiving the 'connection_finished' event from the conn.bro policy which 
sends a  bro type 'connection' record. I am processing the event with the 
call back method:

void bro_conn_callback(BroConn* bc, BroRecord* conn)
    void* result;
    char* service;
    bro_record_get_named_val(conn, "service", BRO_TYPE_STRING, result);
    service = strdup((char*)result);
    printf("%s event received\n", service);

When I ssh into the host machine and exit it triggers the event as it 
should, but the callback prints out an empty string.

My experiments with the bro type 'time' variable start_time are equally 
unsuccessful. Is the type equivalent to the c double, or is it a timestamp 
structure? (I didn't find it in the bro manual.)

Am I going about this all wrong?



More information about the Bro mailing list