[Bro] Spicy & logging framework

Robin Sommer robin at icir.org
Tue Dec 1 20:28:14 PST 2015



On Tue, Dec 01, 2015 at 22:29 -0500, Troy Jordan wrote:

> Is there a special method for invoking the Bro logging framework when
> writing protocol analyzers in Spicy?

The model is to keep doing that from Bro script-land, just as with the
standard analyzers as well. So you'd trigger the events from Spicy,
via the *.evt files, and then write Bro script code to create your log
file.

If your new Spicy-based Modbus parser generated exactly the same
events as the legacy one, you'd automatically get the same log file as
well. If not (which I deem more likely :-), you'll have to write new
scripts replacing the current ones.

Robin

-- 
Robin Sommer * ICSI/LBNL * robin at icir.org * www.icir.org/robin
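
The Bro-script half of the model described in the reply above, as an added example that is not part of the original message or of the Bro/Spicy distribution. The module name, the event `spicy_modbus_message` and its parameters, and the log path are hypothetical; only the logging-framework calls (`Log::create_stream`, `Log::write`) are Bro's own.

```bro
# Added illustration: turn an event raised by a Spicy parser into a log file.
# All names below other than the Log:: API are hypothetical.
module SpicyModbus;

export {
    # Register a new log stream ID with the logging framework.
    redef enum Log::ID += { LOG };

    # One record per logged message; only &log fields become columns.
    type Info: record {
        ts:      time    &log;   # time the message was seen
        uid:     string  &log;   # connection UID, for pivoting to conn.log
        id:      conn_id &log;   # 4-tuple of the connection
        is_orig: bool    &log;   # T if sent by the connection originator
        func:    count   &log;   # Modbus function code as parsed
    };

    # Raised for every record written, so other scripts can hook in.
    global log_spicy_modbus: event(rec: Info);
}

# Stand-in declaration for the event the parser's *.evt file would define
# (assumption). Drop it once the real event is provided by the analyzer.
global spicy_modbus_message: event(c: connection, is_orig: bool, func: count);

event bro_init() &priority=5
    {
    # Create the stream once at startup; $path sets the log file name.
    Log::create_stream(SpicyModbus::LOG,
        [$columns=Info, $ev=log_spicy_modbus, $path="spicy_modbus"]);
    }

event spicy_modbus_message(c: connection, is_orig: bool, func: count)
    {
    # Build the record from the event's arguments and hand it to the writer.
    local rec: Info = [$ts=network_time(), $uid=c$uid, $id=c$id,
                       $is_orig=is_orig, $func=func];
    Log::write(SpicyModbus::LOG, rec);
    }
```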

