[Bro] Help with Bro source code
ysrivas at ncsu.edu
Thu Oct 27 14:37:44 PDT 2016
I am trying to understand the bro events engine for HTTP.
I see that the code has two places where http is handled:
1) build/src/protocol/http (files like events.bif.cc , events.bif.init.cc
2) src/protocol/http (files like HTTP.CC)
I am guessing the first one is the event engine and the second one is for
handling the incoming HTTP packets. is that correct?
Does anyone know of a runtime analysis tool which would be helpful in this
How do we generally go about to understand bro's code base, i am just a
beginner at this.
Would really appreciate all the help.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro