[Bro] Requesting event_notice and event_alarm events over broccoli

Stephen Chan sychan at lbl.gov
Thu Aug 13 10:25:10 PDT 2009


Christian,
    We're using Bro 1.4 on both client and server sides. Our 1.4
source tree looks like it was generated on March 18, 2009, so I would
expect that it was current as of that date (Scott can confirm).

    Here's the code for acquiring the connection handle:

  if (! (bc = bro_conn_new((struct in_addr*) host->h_addr_list[0],
                           htons(conf.port),
                           BRO_CFLAG_DONTCACHE))) {
    fprintf(stderr, "Could not obtain connection handle to %s:%d\n",
            conf.hostname, conf.port);
    exit(1);
  }

    So the only flag is the BRO_CFLAG_DONTCACHE.

    I'm using the compact argument style handler, and converting the
incoming parameters into perl variables and handing them off to a perl
function for processing. I don't think the c->perl interface is an
issue because the client never seems to receive the events.

    Steve

Christian Kreibich wrote:
> Hi Steve,
>
> Thanks for the feedback. Could you provide a bit more detail about
> the setup? In particular, what codebase are you using, and what are
> the connection flags on the Broccoli side?
>