[Bro-Dev] Broker code question

Robin Sommer robin at icir.org
Mon Dec 14 15:23:41 PST 2015


Broker generates these two events in Bro:

    event BrokerComm::outgoing_connection_established(peer_address: string,
                                                      peer_port: port,
                                                      peer_name: string)
    
    event BrokerComm::incoming_connection_established(peer_name: string)

I was just trying to see if I could add the address and port arguments
to the incoming event as well, so that one knows where the connection
is coming from. For the outgoing version, the Broker codes stores the
information in "outgoing_connection_status", so I tried to add it to
the corresponding "incoming_connection_status" as well. But I can't
seem to find a good way to get to the peering information (which has
the address and port) at the times when that status is created.

Any ideas?

Robin

-- 
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin


More information about the bro-dev mailing list