[Bro] Bro programming question
seth at icir.org
Mon Jan 21 17:31:04 PST 2013
On Jan 21, 2013, at 8:04 AM, Rawi Ramdhan <rawiramdhan at gmail.com> wrote:
> I'm a student at the University of Amsterdam currently working on BRO in combination with SNORT.
I don't know what you're planning on doing, but have you noticed that Barnyard2 has support for a Bro output plugin? Each alert in the unified2 log file from Snort is turned into a Bro event.
> The following should log all data from 192.168.101.1 with TCP on port 0, and print it in a log file (which one?)
You're using the print statement so it will only print to stdout. You have to use the logging framework if you want actual logs. :)
> And where do I put the script to check the payload from this data and with that information execute a shell script via piped_exec(program: string, to_write: string): bool.
Just call your program with the full path in the program field and it should work fine.
International Computer Science Institute
(Bro) because everyone has a network
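As an added illustration of the point above (not code from Seth's reply, the question, or the Bro distribution), this is what the filter from the question looks like when it goes through the logging framework instead of `print`; the module name, the `Info` record fields and the resulting `mylog.log` file name are assumptions.

```bro
# Added example: log connections from 192.168.101.1 to TCP port 0
# through Bro's logging framework rather than printing to stdout.
module MyLog;

export {
    # Register a new log stream; the default output file name is
    # derived from the module name (assumed here to become mylog.log).
    redef enum Log::ID += { LOG };

    # Every field marked &log becomes a column in the log file.
    type Info: record {
        ts:    time &log;
        src:   addr &log;
        dst:   addr &log;
        dport: port &log;
    };
}

event bro_init()
    {
    # Create the stream once at startup, binding it to the Info record.
    Log::create_stream(MyLog::LOG, [$columns=Info]);
    }

event new_connection(c: connection)
    {
    # Same selection as the question: originator 192.168.101.1, TCP port 0.
    if ( c$id$orig_h == 192.168.101.1 && c$id$resp_p == 0/tcp )
        {
        # Log::write, not print, is what produces a real log entry.
        Log::write(MyLog::LOG, [$ts=network_time(),
                                $src=c$id$orig_h,
                                $dst=c$id$resp_h,
                                $dport=c$id$resp_p]);
        }
    }
```

Any payload inspection and the `piped_exec()` call from the question would go in the same event handler, after the filter condition, with the program's full path as the first argument.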