[Bro] Hooking into source/destination heuristic
Seth Hall
seth at icir.org
Tue Jan 3 10:47:23 PST 2012
On Jan 3, 2012, at 12:09 PM, Jim Mellander wrote:
> Can I hook into the
> connection_established event, and switch source/destination in the
> connection record, or are bad things likely to happen as a
> consequence?
I don't think there is a way to do it as dynamically as you want. It would be a very easy BiF to write though. Please file a ticket and we'll see about working it in for the 2.1 release.
.Seth
--
Seth Hall
International Computer Science Institute
(Bro) because everyone has a network
http://www.bro-ids.org/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 495 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20120103/d462d49c/attachment.bin
More information about the Bro
mailing list