[Bro] Howto

Martin Holste mcholste at gmail.com
Thu Jul 21 07:16:16 PDT 2011

Every year, at least once a year, I make an honest effort to implement
Bro and to start taking advantage of its advanced capabilities.  Each
year, I spend a few hours on it and give up.  I look through every doc
I can find on the Bro web site and in the tarball, but the lack of
sufficient examples and documentation always stifles any progress.  I
want this year to be different.  The purpose of this email is to find
out from you guys how to do the following (ideally in example form):

How do I write a policy to detect when an SSL connection has a
certificate which was created less than 30 days ago (not_valid_before
> 30 days ago)?
How do I send arbitrary connection data to an external program and
receive information back from it (and I need something more detailed
than "use broccoli")?



More information about the Bro mailing list