[Bro] Best practice on how to customize an officially distributed script

Luis Miguel Silva luismiguelferreirasilva at gmail.com
Sun Feb 1 21:35:25 PST 2015


Dear all,

I would like to change the known-hosts.bro script to log both the ip and
macaddr for all known hosts in my network.

What are the best practices for customizing scripts that ship with bro
(e.g. distributed in the /usr/share/bro/* directory)?

Am I supposed to just:
- copy the script I want to customize to my share/bro/site/
- and change local.bro to load the script in share/bro/site/ instead of
share/bro/policy/protocols/conn/known-hosts.bro?

Thank you,
Luis
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20150201/e77178cd/attachment.html 


More information about the Bro mailing list