[Bro] How BRO's in-built scripts are invoked in a flow one by one (one file after other file)
aniketpsavanand at gmail.com
Sat Dec 12 19:42:39 PST 2015
Thanks Anthony, Clark for your replies.
I got BRO installed as per
on my Linux dual-boot machine. Now I am able to run BRO using broctl
and I can see the log files generated.
And I played with try.bro.org and saw how bro can capture traffic http,
I have succeeded in doing the above part only.
Now, at this stage, how do I proceed with the suggestions you provided?
I have many questions:
(1. So, as Anthony suggested, to remove @load from these initial
boot-strap files init-default.bro and init-bare.bro.
But how do I do that? I mean, where can I locate these files, and how do
I modify them to remove @load and make them run, but with my above
2. As per Clark's suggestion, I saw the devel-tools list, but I could not figure
out how to use:
my current installation)
San Jose State
On Sun, Dec 6, 2015 at 8:57 PM, Aniket Savanand <aniketpsavanand at gmail.com> wrote:
> Thanks a lot.
> I will look into these files.
> Aniket Savanand
> On Sun, Dec 6, 2015 at 8:51 PM, Clark, Gilbert <gc355804 at ohio.edu> wrote:
>> In addition to what Anthony suggests:
>> Bro has an option to trace execution and write the results to a file: I
>> think it's '-T' or something along those lines. The trace file generated
>> by running bro with this option can show you which script functions were
>> called and in which order they were called ... but this option generates a
>> *lot* of output, and should therefore only be used offline and (probably)
>> with a relatively small capture file.
>> There's a benchmark script that ships with bro that also shows an example
>> of incrementally running bro with 1 script loaded, 2 scripts loaded, etc to
>> see how each script affects bro's runtime:
>> Also, maybe try taking a look at try.bro.org: it's a pretty nice way to
>> play with bro and become familiar with how things work.
> *Regards, *
> *Aniket Savanand,*
> *MS Software Engineering 2016,*
> *San Jose State University, CA*
> *Email <aniket.savanand at sjsu.edu> **Cellphone- +1-669-226-8162