[Bro] bro loggers

Christian Kreibich christian at whoop.org
Wed Jun 1 10:24:23 PDT 2005


Hi Mike,

On Wed, 2005-06-01 at 11:10 -0500, Mike Muratet wrote:
> Greetings
> 
> I am integrating bro into a larger system so that I can use it to keep track 
> of connections (which seems easier than trying to write a method from 
> scratch with pcap). I thought it would be straightforward to grep for print 
> or email or alarm statements to figure out where to put the hooks for an IPC 
> message but so far it eludes me. Is there a principal module for outputting 
> the notifications?

Where in Bro such code is located depends on the semantics of the
notification system. For example, there's syslogging in Logger.cc, while
email notification is implemented in notice.bro.

I'm not familiar with your requirements, but since you're mentioning IPC
you should probably be introduced to the power of Broccoli! :) Using
this library you can integrate external applications into your Bro
network by exchanging full-blown Bro events -- assuming there exist
connection events in Bro suitable to your needs, you could have these
events forwarded to your application for further processing.

  http://www.cl.cam.ac.uk/~cpk25/broccoli/index.html

If this looks like it does what it needs, then please do get in touch so
we could discuss this further.

Cheers,
Christian.
-- 
________________________________________________________________________
                                          http://www.cl.cam.ac.uk/~cpk25
                                                    http://www.whoop.org




