[Bro] Accessing bro variables in c
Mike Muratet
mike.muratet at torchtechnologies.com
Thu Jun 16 10:11:17 PDT 2005
Greetings
I've run up against another glitch in my efforts to get data out of bro. I
am receiving the 'connection_finished' event from the conn.bro policy which
sends a bro type 'connection' record. I am processing the event with the
call back method:
void bro_conn_callback(BroConn* bc, BroRecord* conn)
{
void* result;
char* service;
bro_record_get_named_val(conn, "service", BRO_TYPE_STRING, result);
service = strdup((char*)result);
printf("%s event received\n", service);
free(service);
}
When I ssh into the host machine and exit it triggers the event as it
should, but the callback prints out an empty string.
My experiments with the bro type 'time' variable start_time are equally
unsuccessful. Is the type equivalent to the c double, or is it a timestamp
structure? (I didn't find it in the bro manual.)
Am I going about this all wrong?
Thanks
Mike
More information about the Bro
mailing list