[Bro] Receiving bro events via broccoli API
Christian Kreibich
christian at whoop.org
Thu Jun 16 11:25:42 PDT 2005

On Thu, 2005-06-16 at 08:47 +0200, Stefan Kornexl wrote:
>
> > The events in conn.bro have 'connection' objects as their parameters. As I
> > understand the manuals, I can get the fields out of the object with the
> > bro_record_get_xxxx methods?
>
> Your callback function needs to have a BroRecord* as one of its
> arguments at the appropriate position, and yes, then you can use the
> bro_record_get_xxxx functions to access the fields in that record
> passed to your callback when the event arrives.

Yeah, exactly. Note that connection records are rather complex to handle
at the Broccoli level because they contain nested records, so it may
require a bit of work to get to the fields you're interested in. Just
follow the structure laid out in bro.init.

Cheers,
Christian.
--
________________________________________________________________________
http://www.cl.cam.ac.uk/~cpk25
http://www.whoop.org