[Bro] Help with Bro source code

Yagyesh Srivastava ysrivas at ncsu.edu
Fri Oct 28 05:33:50 PDT 2016

Thanks Anthony.

I now have a basic understanding having gone through anthony kasza's blog.

Can someone please help me with any kind of material/slides for
understanding bro source code?
Any other help/source would really help me a lot!


On Thu, Oct 27, 2016 at 5:56 PM, anthony kasza <anthony.kasza at gmail.com>

> Hi Yagyesh,
> I wrote a blog about what I found while first exploring Bro's code base. I
> hope you find it helpful.
> http://supbrosup.blogspot.com/2014/10/out-of-scripts-and-into-core.html
> -AK
> On Oct 27, 2016 3:46 PM, "Yagyesh Srivastava" <ysrivas at ncsu.edu> wrote:
>> Hi,
>> I am trying to understand the bro events engine for HTTP.
>> I see that the code has two places where http is handled:
>> 1) build/src/protocol/http (files like events.bif.cc , events.bif.init.cc
>> and functions.bif.cc)
>> 2) src/protocol/http (files like HTTP.CC)
>> I am guessing the first one is the event engine and the second one is for
>> handling the incoming HTTP packets. is that correct?
>> Does anyone know of a runtime analysis tool which would be helpful in
>> this case?
>> How do we generally go about to understand bro's code base, i am just a
>> beginner at this.
>> Would really appreciate all the help.
>> Thanks,
>> Yagyesh
>> _______________________________________________
>> Bro mailing list
>> bro at bro-ids.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mailman.ICSI.Berkeley.EDU/pipermail/bro/attachments/20161028/c907394d/attachment.html 

More information about the Bro mailing list