[Bro] xml / json parsers
robin at icir.org
Tue Jan 12 10:01:17 PST 2010
On Mon, Jan 11, 2010 at 17:29 -0500, you wrote:
> Has anyone out there written a generic xml and/or json parser for
Yes and no. "No" because not in the traditional sense of manually
writing a parser. "Yes" because there's what I think is a very cool
piece for analyzing XML: we have an experimental analyzer that
performs live xqueries: it looks for XML documents going over the
wire and then performs customizable queries to extract interesting
stuff; the results of the queries are then *automatically* turned
into events, for which you can then write Bro script handlers
for further processing.
If you want to give it a try, you can find the analyzer in my work
branch (see CHANGES.features there). It is however indeed quite
experimental. The basic functionality is there and should be
working but the main open question is performance: I have no idea
whether the XML libraries it uses are sufficiently efficient for
realistic online operation. Nobody has really looked into that yet.
(The analyzer doesn't have a maintainer anymore as the person who
wrote it has moved on to other things).
I haven't tried it in a while though; it pulls in these huge XML
libraries, and I remember some trouble getting it to compile with
updated versions; that might take a few cycles again assuming
further library updates have come out in the meantime.
Robin Sommer * Phone +1 (510) 666-2886 * robin at icir.org
ICSI/LBNL * Fax +1 (510) 666-2956 * www.icir.org