[Bro-Dev] Notices done as event instead of function
Seth Hall
seth at icir.org
Thu Jun 2 12:50:04 PDT 2011
On Jun 2, 2011, at 3:46 PM, Vern Paxson wrote:
>> I just worked around this problem by allowing users to add anonymous functions to a set of functions that get called for each notice.
>
> Hmmm, this suggests another easy fix, which is that NOTICE itself genereates
> an event, such as secondary_notice_event, and thus that want to hook
> non-time-critical stuff on can use that.
Yep, that's essentially how it's done with emphasis on the event based notice extension and the function based notice code there in case someone needs it.
I'm going to be committing a lot of updates to the notice code in just a minute if you'd like to take a look at it.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
More information about the bro-dev
mailing list