[Bro] How can i find some fields?
G-Mail
eureka386 at gmail.com
Sun Nov 4 04:47:07 PST 2012
First of all, please forgive my poor English, because I do not live in an English-speaking country.
I'm interested in Bro and Bro scripts these days. It's very flexible.
But I don't know how to create a module's fields. For example, the DNS module in Bro has some fields in "Info".
===================== base/protocols/dns/main.bro
module DNS;

export {
    ## The DNS logging stream identifier.
    redef enum Log::ID += { LOG };

    ## The record type which contains the column fields of the DNS log.
    type Info: record {
        ## The earliest time at which a DNS protocol message over the
        ## associated connection is observed.
        ts: time &log;
        ## A unique identifier of the connection over which DNS messages
        ## are being transferred.
        uid: string &log;
        ## The connection's 4-tuple of endpoint addresses/ports.
        id: conn_id &log;
        ## The transport layer protocol of the connection.
        proto: transport_proto &log;
        ………..last part omitted…………
=====================
I have tried the 'SMB' module, but I didn't know where I can get the fields.
Here are my questions.
1. Can I get protocol fields? (such as the DNS, HTTP, and SSL modules' Info fields)
2. Where should I find the fields? (in the source code?)
3. If it is not possible, how can some people write Bro scripts
like these:
https://gist.github.com/maxfeldman14/brospects/tree/4f9aee880234bd27d9fcab82a7410fa455ddaf42
https://github.com/sheharbano/scan/blob/master/scan.bro
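Added example (not part of the original message, and not code from the Bro project): a small script that reads the fields of DNS::Info shown above, adds one extra column to dns.log, and defines a module with its own Info record and log stream in the same style as base/protocols/dns/main.bro. The module name DNSWatch, the log name, and the watchlist contents are assumptions made up for the example; it targets the Bro 2.x script API of the time.

```bro
##! Added example (not from the original message or from Bro itself):
##! read fields of DNS::Info, add a column to dns.log, and declare a
##! module with its own Info record and log stream.

@load base/protocols/dns

module DNSWatch;

export {
    ## The logging stream identifier for this module's own log.
    redef enum Log::ID += { LOG };

    ## Columns of the new log; every field marked &log is written out.
    type Info: record {
        ts:     time    &log;
        uid:    string  &log;
        id:     conn_id &log;
        query:  string  &log;
        qtype:  string  &log &optional;
        reason: string  &log;
    };

    ## Constructed watchlist (hypothetical values); override with redef.
    const watchlist: set[string] = { "example.com", "example.net" } &redef;

    ## Raised for every record written to this module's log.
    global log_dnswatch: event(rec: Info);
}

# A script may also add its own column to an existing log: this puts a
# "watched" field into dns.log next to the fields declared in main.bro.
redef record DNS::Info += {
    watched: bool &log &default=F;
};

event bro_init() &priority=5
    {
    Log::create_stream(DNSWatch::LOG, [$columns=Info, $ev=log_dnswatch]);
    }

# dns_request fires while the connection's DNS::Info (c$dns) is still
# being filled in, so a value set here ends up in dns.log.
event dns_request(c: connection, msg: dns_msg, query: string, qtype: count, qclass: count)
    {
    if ( c?$dns && query in watchlist )
        c$dns$watched = T;
    }

# DNS::log_dns receives the finished DNS::Info as it is written to dns.log;
# its fields are exactly the ones declared in base/protocols/dns/main.bro.
event DNS::log_dns(rec: DNS::Info)
    {
    # query is &optional in DNS::Info, so test for it before reading it.
    if ( ! rec?$query || rec$query !in watchlist )
        return;

    local info: Info = [$ts=rec$ts, $uid=rec$uid, $id=rec$id,
                        $query=rec$query, $reason="query on watchlist"];
    if ( rec?$qtype_name )
        info$qtype = rec$qtype_name;

    Log::write(DNSWatch::LOG, info);
    }
```

The fields available for a protocol are the ones listed in that protocol's Info record in its main.bro under scripts/base/protocols/, and they are reached through the connection record (c$dns, c$http, c$ssl) or through the log event the module exports ($ev in its Log::create_stream call).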