[Bro] Trace Execution with broctl

Robin Sommer robin at icir.org
Mon Apr 4 09:13:42 PDT 2011


On Mon, Apr 04, 2011 at 10:27 -0400, Will wrote:

> I saw some posts about potentially having a 'read' command, but it doesn't
> appear to be implemented yet.

No, it's not yet, but that would indeed be a good thing to have. I
don't think we have a tracker ticket for that yet iirc, would you mind
filing one at http://tracker.icir.org, describing what you'd like to
see (and if you're up for it, perhaps even summarizing the earlier
discussion?)

(Note the tracker is currenlty reporting some errors while we are
moving things to a new server; filing tickets is however working). 

> I am really trying to understand how to modify a few things that are being
> done by the broctl scripts.

Likewise, can you describe in a bit more detail what you'd like to
do/see? We are planing to add a plugin interface to BroCtl, hopefully
in time for the next release, that will allow to have custom code
executed before/after any of the commands is run. We have a ticket for
that: http://tracker.icir.org/bro/ticket/370. Feel free to add more
thoughts to it. (The link to the proposal mentioned in the ticket is
currently not public, again because we're working on the
infrastructure; but here's a copy:
http://www.icir.org/robin/tmp/broctl-plugins.html)

Robin

-- 
Robin Sommer * Phone +1 (510) 722-6541 * robin at icir.org
ICSI/LBNL    * Fax   +1 (510) 666-2956 *   www.icir.org



More information about the Bro mailing list