[Bro] Getting 'standard' Bro events into Python

Brian Wylie briford.wylie at gmail.com
Fri Mar 24 10:54:52 PDT 2017


Okay, after a bit more hunting I see the new Broker communications docs.
- https://www.bro.org/sphinx/components/broker/README.html
- https://www.bro.org/sphinx/components/broker/broker-manual.html

I see that you can wrap the broker API with SWIG, so this is all good news.

Anyone happen to have/make/point me to a small example Python script that
maybe subscribes to all connection events (events that go into conn.log)?

Thanks a bunch,
-Brian Wylie

On Thu, Mar 23, 2017 at 1:40 PM, Brian Wylie <briford.wylie at gmail.com>
wrote:

> Hi All,
>
> I'm fairly new to Bro and I have a question very similar to this one '
> http://mailman.icsi.berkeley.edu/pipermail/bro/2017-January/011389.html'.
>
> Basically I want the easiest/best path to get standard Bro events (conn,
> http, dns, ssl, weird, etc.) into Python.
>
> 1) Is broctl / python-broccoli the best path?
>        - Note: in my testing I had to use broctl> start .  in order for my
> python Connection() to work
>        - If this isn't necessary and I can do the same with just running
> Bro standalone pls let me know
>
> 2) If broctl/python-broccoli IS the best path then how do I 'subscribe' to
> the standard events?
>       - Is there a list of the standard events?
>       - If so do I just @event with a method that has the same name as the
> event?
>
> Sorry if these are naive questions, but so far my googling/trying/testing
> has been a bit hit-miss :)
>
> Cheers,
> -Brian Wylie
>