[Bro] Help with Bro source code

[Johanna Amann]

I am not sure if you already found it - we have
https://www.bro.org/development/howtos/index.html on our webpage for a few
pointers.

Apart from that, I don't think there is much that exists.

Johanna

On Fri, Oct 28, 2016 at 08:33:50AM -0400, Yagyesh Srivastava wrote:
> Thanks Anthony.
> 
> I now have a basic understanding having gone through anthony kasza's blog.
> 
> Can someone please help me with any kind of material/slides for
> understanding bro source code?
> Any other help/source would really help me a lot!
> 
> Thanks,
> Yagyesh
> 
> On Thu, Oct 27, 2016 at 5:56 PM, anthony kasza <anthony.kasza at gmail.com>
> wrote:
> 
> > Hi Yagyesh,
> >
> > I wrote a blog about what I found while first exploring Bro's code base. I
> > hope you find it helpful.
> > http://supbrosup.blogspot.com/2014/10/out-of-scripts-and-into-core.html
> >
> > -AK
> >
> > On Oct 27, 2016 3:46 PM, "Yagyesh Srivastava" <ysrivas at ncsu.edu> wrote:
> >
> >> Hi,
> >>
> >> I am trying to understand the bro events engine for HTTP.
> >> I see that the code has two places where http is handled:
> >> 1) build/src/protocol/http (files like events.bif.cc , events.bif.init.cc
> >> and functions.bif.cc)
> >> 2) src/protocol/http (files like HTTP.CC)
> >>
> >> I am guessing the first one is the event engine and the second one is for
> >> handling the incoming HTTP packets. is that correct?
> >>
> >> Does anyone know of a runtime analysis tool which would be helpful in
> >> this case?
> >> How do we generally go about to understand bro's code base, i am just a
> >> beginner at this.
> >> Would really appreciate all the help.
> >>
> >> Thanks,
> >> Yagyesh
> >>
> >> _______________________________________________
> >> Bro mailing list
> >> bro at bro-ids.org
> >> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro
> >>
> >

> _______________________________________________
> Bro mailing list
> bro at bro-ids.org
> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/bro