[Bro] software.log

John Babio jbabio at po-box.esu.edu
Wed Dec 4 08:12:25 PST 2013

Here is what I have so far. It is working but I don’t know if it is written correctly.

@load base/frameworks/notice

@load base/frameworks/software

module OLD_JAVA;

module HTTP;

export {

        redef enum Notice::Type += {




event http_header(c: connection, is_orig: bool, name: string, value: string) &priority=2


        if ( Software::found(c$id, [$unparsed_version="Java/1.7.0_40", $host=c$id$orig_h]));


                NOTICE([$note=OLD_JAVA::Java_seen, $msg=fmt("Old Java Seen")]);



More information about the Bro mailing list