[Bro] New bro types when writing a plugin

Vitaly Repin vitaly.repin at gmail.com
Wed Mar 28 00:32:33 PDT 2018


Hello,


Take a look into this example: https://github.com/vitalyrepin/uap-bro I
have defined three record types in that plugin: DeviceRec, UserAgentRec and
AgentRec.

P.S. I think bro-dev is a better mailing list to discuss bro dev. issues:
http://mailman.icsi.berkeley.edu/mailman/listinfo/bro-dev

2018-03-27 19:31 GMT+03:00 D.W. <brot212 at googlemail.com>:

> Hey there,
>
> I'm writing an analyzer as a plugin and I would like to create some new
> bro data type (record type to be exact) to hand over some protocol data
> in a compact form as parameters to the event functions.
>
> For now I have declared the new types in types.bif and defined them in
> init-bare.bro, but I don't think that this is the right way, because I
> have to manually modify the bro source files.
>
> Is there a way to declare and define the new type inside the plugin
> source files, so that the types will be featured in bro after the plugin
> was installed?
>
> Greetings,
>
> Dane



-- 
WBR & WBW, Vitaly